[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SOLVED! Apache mod_perl + mod_cgi in same directory

On Mon, Apr 02, 2001 at 04:32:34PM -0500, Robert A. Jacobs wrote:
> Caveats:  This is not the most secure solution in the world.  If you do not
> personally know your users, as I do, and/or you do not trust them, I suggest 
> you stick with the Apache recommended approach of creating a cgi-bin and/or
> perl-bin directories and only allow cgi's served out of those directories.
> Since my webserver is for development purposes, I wanted greater flexibility.

You should never allow mod_perl access to people you don't trust
unless you are prepared to run an unpriviledged instance of apache for
each mod_perl user.  This gets ugly in a hurry since you have to do
proxy or redirects from the port 80 apache.

Nathan Norman - Staff Engineer | A good plan today is better
Micromuse Ltd.                 | than a perfect plan tomorrow.
mailto:nnorman@micromuse.com   |   -- Patton

Attachment: pgp75hxuOhdmT.pgp
Description: PGP signature

Reply to: