Re: [cobalt-users] CGI-Bin on RAQ2

[Mike Vanecek <nospam99@xxxxxxxxxxxx>]

On Thu, 22 Nov 2001 14:38:26 +0000, Glen Scott
<glen@xxxxxxxxxxxxxxxxxxxx> wrote:

:>>Hello,
:>>
:>>How does one go about loading and setting up a cgi-bin script on a RAQ2
:>>Server ??
:>>
:>
:>Hi,
:>
:>There is a good guide to CGI scripting on RaQs at the following URL:
:>
:>http://users.iol.it/hpstr/
:>

Nice page, but it does not help me with my problem. Maybe someone might
have an insight as to where else to look?

I have scripts running OK, but have run into something on a Qube2 (which
is similar to a RAQ2) that does not make sense to me. I have searched
and read tons of doco, but cannot find any problems with what I have
done. I would be curious to know if the same problem shows itself on a
RAQ2 or other Cobalt product.

It seems that cgiwrap overrides htaccess authentication. E.g.,

This url triggers htaccess authentication (the subdirectory /robo/info
has the .htaccess file shown at the bottom of this message):

http://<domain>/robo/info/who.pl

This url does not trigger htaccess authentication:

http://<domain>/cgiwrapDir/cgiwrap/robo/info/who.pl

The Qube2 htaccess file in the robo/info directory is

AddType text/x-server-parsed-html .html .shtml
AuthUserFile /home/groups/home/robo/info/.htpasswd
AuthGroupFile /dev/null
AuthName "Robo Members"
AuthType Basic
<Limit GET PUT POST>
require valid-user
</Limit>

If I understand what I am seeing ???? then it would seem that the use of
cgiwrap is not providing security, but has removed it??

One would probably need to authenticate in order to view the source code
to obtain the script name. However, once they know the script name they
do not need to authenticate to run the script.

The script is a simple read a file and write the contents to the web
page (list of members of a majordomo list).

Any help would be appreciated.

Mike.