If you configure things in a secure fashion, someone can write the most malicious of CGIs and it won't be able to do anything. It'll run under a user that doesn't have write access to anywhere secure, and even if it purposefully crashes itself, it'll just go away and end up making the webserver return an error page. MetaCard can't write to disk if the user that launched the application can't.
Bad configurations make modules and CGIs both a potential hazard, good configurations make it nearly impossible to do any harm with either.
Well, unless you are on a Microsoft platform...
- Brian
_______________________________________________ metacard mailing list [EMAIL PROTECTED] http://lists.runrev.com/mailman/listinfo/metacard
