
RE:[cobalt-users] CGI Question



Create a secure directory called cgi-bin, or any name, at the web level for
a site:
/home/sites/site1/secure/cgi-bin

If you simply do not want anyone viewing the contents of cgi-bin, or want
them to get a forbidden message, set the permissions for the cgi-bin to 711;
the cgi programs will still function.
Or just create an index.html page in the cgi-bin with a redirect.

The most important thing about cgi programs is making sure the script itself
is secure and not buggy; this could potentially harm your server much more
than an insecure cgi-bin, and that's no easy endeavor. Make sure you only use
scripts from known reputable sources.
They may intentionally or unintentionally leak information about the host
system that will help hackers break in.
Scripts that process remote user input, such as the contents of a form or a
"searchable index" command, may be vulnerable to attacks in which the remote
user tricks them into executing commands.
If others are installing scripts on your server, you could ask to review them
before they are installed or, if you are really worried, install them
yourself.
I would also leave cgiwrap installed if you are allowing others to run
scripts; it offers some protection.

Here is a good article on CGI security by Selena Sol:
http://stars.com/Authoring/Scripting/Security/

--------------------------------------------------------

Hi,
I have a question about cgi. I know that scripts can run from the web
directory, but is this safe security-wise? I want to create a cgi bin for
each of the sites on my raq, but I want it so it has permission to run the
scripts and the owner (site admin) has permission to delete, add, etc.
scripts, but I do not want him to be able to delete or change the permission
of the cgi directory. I want it so if someone from the net entered
www.mydomain.com/cgi-bin they would get a not allowed message, i.e. it can't
be browsed. Any ideas?

				Regards Andy
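
Added example, not part of the original thread: a shell check for the 711
advice in the reply above. It reports a cgi-bin directory that group or other
can list or write to, and any script in it that they can rewrite. The function
name and finding labels are made up for this example, and it assumes the web
server reaches the scripts as a user other than the directory owner.

```shell
#!/bin/sh
# Added example (not from the original post): check a CGI directory against
# the "chmod 711" advice. Function name and finding labels are made up here.

audit_cgi_dir() {
    dir=$1
    findings=0
    if [ ! -d "$dir" ]; then
        echo "ERROR: $dir is not a directory"
        return 2
    fi

    # Directory bits: r = list names, w = add/delete entries, x = reach files.
    # 711 leaves group/other with x only, so scripts run but cannot be listed.
    if [ -n "$(find "$dir" -prune \( -perm -040 -o -perm -004 \) -print)" ]; then
        echo "LISTABLE: group or other can read $dir"
        findings=$((findings + 1))
    fi
    if [ -n "$(find "$dir" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "WRITABLE: group or other can add or delete files in $dir"
        findings=$((findings + 1))
    fi
    # Assumption: the web server is not the directory owner, so it needs o+x.
    if [ -z "$(find "$dir" -prune -perm -001 -print)" ]; then
        echo "UNREACHABLE: other lacks x on $dir, scripts cannot be reached"
        findings=$((findings + 1))
    fi

    # A script that group or other can rewrite is a bigger problem than a
    # listable directory.
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        if [ -n "$(find "$f" \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "WRITABLE-SCRIPT: $f"
            findings=$((findings + 1))
        fi
    done

    # Exit status 0 only when nothing was reported.
    [ "$findings" -eq 0 ]
}

# Usage: sh audit_cgi.sh /home/sites/site1/secure/cgi-bin
if [ "$#" -gt 0 ]; then
    audit_cgi_dir "$1"
fi
```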


