------------------------------------------------
On Thu, 23 Jan 2003 03:41:30 -0800 (PST), Will <[EMAIL PROTECTED]> wrote:

> Not about perl, but CGI...
> 
> Does anyone know why it would be more secure not to
> allow HTML files in a cgi-bin?  
> 
> I was working on a project with both perl cgis and
> html files in the cgi-bin.  The cgi's ran fine, but I
> was getting all sorts of errors from the HTML.  I
> asked the host, and they said it was for security
> reasons but nothing more.
> 
> Just wondering if anyone would know what they meant.
> 
> Thanks,
> 
> Will
> 

Personally, it sounds like a cookie-cutter, security-is-on-the-brain response. If you 
have access to write to the cgi-bin and *any* kind of file is set up as a handler then 
you have a security risk. There is no difference between a perl file and an html 
file at the system level, only that one usually contains Perl and one contains HTML. 
Without setting up a specific handler for HTML files found in script directories, most 
likely the server will try and execute the script (HTML file), at which point no 
shebang will be found (in a normal HTML file that is) and then cough up an internal 
server error fur ball. Along these lines, we used to set up cgi handlers for extensions 
like .bri, .matt, etc. so that each of our developers could write scripts with their 
own extension all in Perl (because it doesn't care about extensions) (granted this was 
1998 and we should have been using RCS, etc.) but it worked well. The real question is 
why would you want/need to?

http://danconia.org
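
The failure mode described in the reply above (the server tries to execute every file in a script directory, and a file with no shebang ends in an internal server error), as an added example that is not part of the original thread. The function names and the sample directory are constructed for illustration, and the script assumes every regular file in the directory is treated as a CGI script.

```shell
#!/bin/sh
# Added example. Assumption: every regular file in the directory is treated as
# a CGI script, so the server tries to execute each one regardless of extension.

# classify_cgi_file FILE -> prints ok | no-shebang | not-executable
classify_cgi_file() {
    file=$1
    # "Executable" here means any execute bit is set in the mode string.
    mode=$(ls -ld "$file" | cut -c1-10)
    case $mode in
        *x*) ;;
        *) echo "not-executable"; return 0 ;;
    esac
    # A script needs "#!" in its first two bytes so the kernel can find an
    # interpreter; plain HTML starts with "<", which is what produces the 500.
    # (Compiled binaries are out of scope and would also show as no-shebang.)
    if [ "$(head -c 2 "$file")" = "#!" ]; then
        echo "ok"
    else
        echo "no-shebang"
    fi
}

# audit_cgi_dir DIR -> one "name status" line per regular file
audit_cgi_dir() {
    for entry in "$1"/*; do
        [ -f "$entry" ] || continue
        printf '%s %s\n' "$(basename "$entry")" "$(classify_cgi_file "$entry")"
    done
}

# Constructed sample directory: a Perl CGI, an HTML page, a script without +x.
make_sample_cgi_bin() {
    dir=$(mktemp -d)
    printf '#!/usr/bin/perl\nprint "Content-type: text/plain\\n\\nhi\\n";\n' > "$dir/hello.cgi"
    printf '<html><body>static page</body></html>\n' > "$dir/index.html"
    printf '#!/usr/bin/perl\nprint "x";\n' > "$dir/noexec.pl"
    chmod 755 "$dir/hello.cgi" "$dir/index.html"
    chmod 644 "$dir/noexec.pl"
    echo "$dir"
}

sample=$(make_sample_cgi_bin)
audit_cgi_dir "$sample"
rm -rf "$sample"
```

Pointing `audit_cgi_dir` at a real script directory lists which files the server would fail on before a visitor hits them.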


