Re: SOLVED! Apache mod_perl + mod_cgi in same directory

To: Debian-User List <debian-user@lists.debian.org>
Subject: Re: SOLVED! Apache mod_perl + mod_cgi in same directory
From: Nathan E Norman <nnorman@micromuse.com>
Date: Mon, 2 Apr 2001 16:51:26 -0500
Message-id: <[🔎] 20010402165126.O7585@micromuse.com>
Mail-followup-to: Debian-User List <debian-user@lists.debian.org>
In-reply-to: <[🔎] 20010402163234.A19615@gandalf.home.com>; from r.a.jacobs@home.com on Mon, Apr 02, 2001 at 04:32:34PM -0500
References: <20010329181854.A3721@gandalf.home.com> <3AC4A949.232A067B@mindspring.com> <[🔎] 20010402163234.A19615@gandalf.home.com>

On Mon, Apr 02, 2001 at 04:32:34PM -0500, Robert A. Jacobs wrote:
> Caveats:  This is not the most secure solution in the world.  If you do not
> personally know your users, as I do, and/or you do not trust them, I suggest 
> you stick with the Apache recommended approach of creating a cgi-bin and/or
> perl-bin directories and only allow cgi's served out of those directories.
> Since my webserver is for development purposes, I wanted greater flexibility.

You should never allow mod_perl access to people you don't trust
unless you are prepared to run an unpriviledged instance of apache for
each mod_perl user.  This gets ugly in a hurry since you have to do
proxy or redirects from the port 80 apache.

-- 
Nathan Norman - Staff Engineer | A good plan today is better
Micromuse Ltd.                 | than a perfect plan tomorrow.
mailto:nnorman@micromuse.com   |   -- Patton

Attachment: pgptKL5oDU3sW.pgp
Description: PGP signature

Reply to:

References:
- SOLVED! Apache mod_perl + mod_cgi in same directory
  - From: "Robert A. Jacobs" <r.a.jacobs@home.com>

Prev by Date: Re: Debian + exim + procmail
Next by Date: Re: signing off
Previous by thread: SOLVED! Apache mod_perl + mod_cgi in same directory
Next by thread: RE: Why does gnome pager no longer iconize open apps on the
Index(es):
- Date
- Thread