Malte Brill wrote:
Thanks for your replies. That is a good starting point. What I am
exactly after is some kind of pros and cons list that goes into detail
on stability and security. Maybe some ISPs experiences things that went
good or wrong. Perhaps a list with succesfull uses of revCGI.
In a discussion about this a few years ago, Scott Raney said that he
couldn't think of any insecurities with CGIs that were innate to the
engine. There aren't any loopholes per se; the problems would be only in
your scripts. Your CGI scripts should not parse parameters
indisciminately -- instead, they need to check that params are correct
and only act if that is the case. In other words, your scripts might
allow indiscriminate access, but the engine doesn't.
Jaque wrote:
>The good part is that you don't have to know ahead of time. The CGI
>script will error and then you check the error log. The missing
>libraries will be listed there, so all you have to do is holler at the
>ISP and tell them to get those installed.
This is interesting. Where is the error log stored? Will I have access
to it? Or is it something only the ISP will see.
It depends on your ISP, but every one I've ever had gave me access to
the error log. My ISP has an entry in my control panel online where I
can see it. You'll have to ask where your provider keeps it, but I am
fairly sure you can have access. It is a normal part of debugging a web
site.
--
Jacqueline Landman Gay | [EMAIL PROTECTED]
HyperActive Software | http://www.hyperactivesw.com
_______________________________________________
use-revolution mailing list
use-revolution@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription
preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution
