[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] CGI bin directory outside document root
- Subject: Re: [cobalt-users] CGI bin directory outside document root
- From: Keith Davis <cache@xxxxxxxxxx>
- Date: Mon Apr 16 13:27:05 2001
- Organization: Digital Odyssey Web Development
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
Jamie Sue Winkelman wrote:
>
> I understand that for security reasons, the cgi-bin directory should be
> located outside the server's document root. Where is the best place to
> put this directory? How do I then call scripts located in that
> directory?
>
> I can successfully run scripts from within the server's document root,
> but wish to move the scripts outside the server's document root and have
> not had any luck. Any suggestions?
The idea is to put scripts outside of the domain to keep http clients
such as robots from reading a script and finding out where you read data
from and write data to. That cgi-bin is an alias and is is placed at the
same level as the domain root directory, 'web'. That's still a good
security measure if the script requires 0755 to execute. But that is not
the case on a RaQ, or on many Linux/Apache servers.
Place your script anywhere you want in the domain and give it only 0711
permissions. Since browsers and other http clients are 'world' users
they can still execute the script, but they cannot read it or write to
it. Only the 'owner' can rw on that file.
keith