On Fri, Jan 14, 2000 at 04:55:02PM -0400, Jeff MacDonald wrote:
> this is a security issue i'd like to get some info
> on, i'm sure it's more with cgi than postgres, but
> heck.
>
First off, if the server is set up correctly a casual user should not be
able to browse the cgi-bin directory and see your code.
I'm not sure what server you are creating your scripts on, but if it is
Apache and mod_perl is available to you then this is even better. You
can create a handler in mod_perl for a "pseudo-directory" and hide your
code that way.
However, as I said in my first paragraph this should not be necessary as
normally web browsers can't browse the cgi-bin directory anyway and your
cgi-script should just send back to the browser html code and not the
perl code itself. Unless something is very very wrong....
--
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Peter L. Berghold [EMAIL PROTECTED]
"Linux renders ships http://www.berghold.net
NT renders ships useless...."
************
