--On Thursday, January 09, 2003 10:19:03 +0000 Dave Cragg <[EMAIL PROTECTED]> wrote:

At 11:09 am -0500 8/1/03, Richard MacLemale wrote:

It's the metacard engine for Darwin.  You can slap it into your
CGI-EXECUTABLES folder and then write MetaTalk scripts to do cool CGI
stuff.

Changing topic slightly...

I've seen a number of recommendations recently to put the mc cgi engine
in the same folder as the cgi scripts themselves. Is there any possible
security issue with this?

For example, there are many warnings on the Web not to put the Perl
engine for Win32 systems in the public cgi-bin directory. The reason is
that the executable can be called directly from a url reference and a
script passed as a parameter, allowing all kinds of untold damage to be
done. I was wondering whether something equally devious was feasible with
Metacard. While I haven't found a way to exploit this myself, I'd love the
reassurance that it was a perfectly safe approach.

You can't pass commands to mc engine and have it execute them (as with perl), only using a script and if the script is not there...
I put the engine in /cgi-bin simply because sometimes I have no access to /usr/bin.

Cheers
Dave
_______________________________________________
metacard mailing list
[EMAIL PROTECTED]
http://lists.runrev.com/mailman/listinfo/metacard



Regards, Andu Novac
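
Added example, not part of the original thread or of MetaCard: a small audit for the concern raised above, listing native executables (such as an interpreter engine) that sit in a CGI directory and are therefore reachable by URL. The sample directory, its file names and contents are constructed stand-ins; the magic numbers are the standard ELF, PE and Mach-O file signatures. It flags every native binary, so a compiled CGI program will also appear and needs a manual decision.

```python
import os
import tempfile

# Standard leading magic bytes of native executable formats.
NATIVE_MAGICS = {
    b"\x7fELF": "ELF",
    b"MZ": "PE",
    b"\xfe\xed\xfa\xce": "Mach-O", b"\xce\xfa\xed\xfe": "Mach-O",
    b"\xfe\xed\xfa\xcf": "Mach-O", b"\xcf\xfa\xed\xfe": "Mach-O",
}

def classify(path):
    """Return 'script', a native format name, or 'other' from the first bytes."""
    with open(path, "rb") as fh:
        head = fh.read(4)
    if head.startswith(b"#!"):
        return "script"
    for magic, name in NATIVE_MAGICS.items():
        if head.startswith(magic):
            return name
    return "other"

def audit_cgi_dir(cgi_dir):
    """List (file name, format) for native binaries found in the CGI directory."""
    findings = []
    for name in sorted(os.listdir(cgi_dir)):
        path = os.path.join(cgi_dir, name)
        if os.path.isfile(path):
            kind = classify(path)
            if kind not in ("script", "other"):
                findings.append((name, kind))
    return findings

def build_sample_dir():
    """Constructed sample: one CGI script, two stand-in engines, one text file."""
    d = tempfile.mkdtemp()
    samples = {
        "hello.mt": b"#!mc\non startup\nend startup\n",  # constructed script
        "mc": b"\xfe\xed\xfa\xce" + b"\0" * 16,          # stand-in Darwin engine
        "perl.exe": b"MZ" + b"\0" * 16,                  # stand-in Win32 Perl
        "notes.txt": b"plain text\n",
    }
    for name, data in samples.items():
        with open(os.path.join(d, name), "wb") as fh:
            fh.write(data)
    return d

if __name__ == "__main__":
    for name, kind in audit_cgi_dir(build_sample_dir()):
        print(f"{name}: native {kind} binary in CGI directory")
```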