Re: [cobalt-users] All folders visable on whole server



> Besides disabling server-side scripting languages for all accounts on the
> server, does anyone know a setting in Apache that will prevent a script like
> this from being run (or better yet, allowing it to run but limiting the
> access to the script owner's web directory)? Using a script like this you
> can browse any directory (even if it's password protected with .htaccess)
> and view any file on the server.


Forgot to add to my last message:

<Files ~ "^adminpro\.(cgi|pl)$">
    Order allow,deny
    Deny from all
</Files>

Test: http://www.ctusa.net/cgi-bin/adminpro.cgi

But that doesn't prevent a user from renaming the script to something else
(though it's highly recommended *not* to for performance reasons within the
documentation).

--
Brian Curtis
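
The renaming caveat in the message above, as an added example that is not part of the original post: it applies the same pattern as the <Files> block to each file's base name and, separately, compares file contents against a SHA-256 digest of a known copy of the script, so copies the name rule misses are listed. The function names, the directory layout and the placeholder file contents are assumptions constructed for the example.

```python
import hashlib
import os
import re
import tempfile

# Same pattern as the <Files ~ ...> block above; Apache applies it to the
# file's base name, not to the full path.
FILES_RULE = re.compile(r"^adminpro\.(cgi|pl)$")

def blocked_by_rule(path):
    """True if the name-based <Files> rule would deny this file."""
    return FILES_RULE.search(os.path.basename(path)) is not None

def sha256_of(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def audit(root, known_digest):
    """Return (blocked, missed): copies of the known script under root,
    split by whether the <Files> rule covers their current name."""
    blocked, missed = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or sha256_of(full) != known_digest:
                continue
            (blocked if blocked_by_rule(full) else missed).append(
                os.path.relpath(full, root))
    return sorted(blocked), sorted(missed)

def demo():
    """Constructed sample tree; placeholder bytes stand in for the script."""
    body = b"#!/usr/bin/perl\n# constructed placeholder, not the real script\n"
    layout = {
        "site1/cgi-bin/adminpro.cgi": body,      # covered by the rule
        "site2/cgi-bin/tools.cgi": body,         # renamed copy, not covered
        "site3/cgi-bin/guestbook.pl": b"#!/usr/bin/perl\nprint 1;\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in layout.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        return audit(root, hashlib.sha256(body).hexdigest())

if __name__ == "__main__":
    print(demo())
```

An exact digest only finds byte-identical copies; a copy that has been edited will not match.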