Re: [cobalt-developers] Properly configured cgi-bin?
- Subject: Re: [cobalt-developers] Properly configured cgi-bin?
- From: Brian Rahill <cobalt@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri Nov 2 07:59:12 2001
- List-id: Discussion Forum for developers on Sun Cobalt Networks products <cobalt-developers.list.cobalt.com>
At 09:07 PM 11/1/01 +0000, you wrote:
> Hi guys,
>
> I was just messing around with Merchant Order Form
> (http://www.merchantorderform.com/) and it seems to place a lot of stress
> on having a "properly configured cgi-bin area".
>
> I know that my RaQ4r allows cgi's to be run from any directory, without
> any special protection. Can anyone tell me what constitutes a "properly
> configured cgi-bin area" (disallowed access to configuration files?
> perhaps?) and how to set this up for clients requiring a package such as MOF?

I use MOF all the time and love it. A couple things you'll want to do to
keep it secure:

Turn off the ability to list files in directories that don't have an index
file.

I think the option is:

"Options -Indexes"

Put it in srm.conf. This will take care of it for the entire server -- a
good thing. You might want to search the archives just to make sure my
memory isn't failing me. Search for "turn off directory browsing".

Set the MOF conf files (i.e. mof.conf and mofpayment.conf) to have
permissions of 711. Actually 700 should probably work too. Since Cobalts
use a cgi-wrapped environment to run scripts, the scripts execute as the
username who owns them, so you shouldn't need to give permissions to anyone
else on these files.

Good luck.

Brian
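
One way to check the two settings from the reply above, as an added example that is not part of the original message: it verifies that a config file carries `Options -Indexes` without a later `Options` line turning listings back on, and that the named files grant no read or write bits to group or other (so both 711 and 700 pass). The function names, the paths passed in, and the sandbox built by `demo` are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Paths are supplied by the
# caller; the files created in demo() are constructed sample data.

# perm_ok FILE: true when group and other have no read/write bits,
# so both 711 and 700 pass while 644 or 755 fail.
perm_ok() {
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1") || return 2
    [ $(( 0$mode & 066 )) -eq 0 ]
}

# indexes_off CONF: true when an uncommented Options line has -Indexes.
indexes_off() {
    grep -Eiq '^[[:space:]]*Options[[:space:]].*-Indexes' "$1"
}

# indexes_on CONF: true when some Options line turns listings back on
# (Indexes or +Indexes), for instance inside a <Directory> block.
indexes_on() {
    grep -Eiq '^[[:space:]]*Options([[:space:]]+[^[:space:]]+)*[[:space:]]+\+?Indexes([[:space:]]|$)' "$1"
}

# audit CONF FILE...: print findings, return the number of findings.
audit() {
    conf=$1; shift; bad=0
    indexes_off "$conf" || { echo "missing: Options -Indexes ($conf)"; bad=$((bad+1)); }
    if indexes_on "$conf"; then echo "listing re-enabled in $conf"; bad=$((bad+1)); fi
    for f in "$@"; do
        perm_ok "$f" || { echo "bad or unknown mode: $f"; bad=$((bad+1)); }
    done
    return "$bad"
}

# demo: build a constructed sandbox and audit it (two findings expected:
# the +Indexes override and the 644 file).
demo() {
    d=$(mktemp -d) || return 99
    printf 'Options -Indexes\n<Directory /x>\nOptions +Indexes\n</Directory>\n' > "$d/srm.conf"
    : > "$d/mof.conf";        chmod 711 "$d/mof.conf"
    : > "$d/mofpayment.conf"; chmod 644 "$d/mofpayment.conf"
    audit "$d/srm.conf" "$d/mof.conf" "$d/mofpayment.conf"; rc=$?
    rm -rf "$d"; return "$rc"
}

# Stand-alone use: sh script.sh CONF FILE...
if [ $# -gt 1 ]; then audit "$@"; fi
```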