RE: [cobalt-users] CGI-Bin on RAQ2
- Subject: RE: [cobalt-users] CGI-Bin on RAQ2
- From: "Dan Kriwitsky" <webhosting@xxxxxxxxx>
- Date: Thu Nov 22 14:17:05 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
> Nice page, but it does not help me with my problem. Maybe someone might
> have an insight as to where else to look?
>
> I have scripts running OK, but have run into something on a Qube2 (which
> is similar to a RAQ2) that does not make sense to me. I have searched
> and read tons of doco, but cannot find any problems with what I have
> done. I would be curious to know if the same problem shows itself on a
> RAQ2 or other Cobalt product.
>
> It seems that cgiwrap overrides htaccess authentication. E.g.,
>
> This url triggers htaccess authentication (the subdirectory /robo/info
> has the .htaccess file shown at the bottom of this message):
>
> http://<domain>/robo/info/who.pl
>
> This url does not trigger htaccess authentication:
>
> http://<domain>/cgiwrapDir/cgiwrap/robo/info/who.pl
>
> The Qube2 htaccess file in the robo/info directory is
>
> AddType text/x-server-parsed-html .html .shtml
> AuthUserFile /home/groups/home/robo/info/.htpasswd
> AuthGroupFile /dev/null
> AuthName "Robo Members"
> AuthType Basic
> <Limit GET PUT POST>
> require valid-user
> </Limit>
>
> If I understand what I am seeing ???? then it would seem that the use of
> cgiwrap is not providing security, but has removed it??
>
> One would probably need to authenticate in order to view the source code
> to obtain the script name. However, once they know the script name they
> do not need to authenticate to run the script.
>
> The script is a simple read a file and write the contents to the web
> page (list of members of a majordomo list).
>
You need to turn off AuthPAM.
Just add:
AuthPAM_Enabled off
--
Dan Kriwitsky
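
An audit helper for the situation described in this thread, added here as an example and not part of either poster's message: it walks a web root, finds scripts under any directory whose .htaccess carries a `require` line (including subdirectories that inherit it), and pairs each direct URL path with its cgiwrap form so both can be checked for an authentication prompt. Assumptions: the `/cgiwrapDir/cgiwrap` prefix is taken from the URL quoted above, the web root maps to `/`, and the sample tree and function names are constructed for illustration.

```python
import os
import re
import tempfile

# Assumption: cgiwrap is reached under this prefix, as in the URL quoted in the thread.
CGIWRAP_PREFIX = "/cgiwrapDir/cgiwrap"
SCRIPT_EXTS = (".pl", ".cgi")
# Matches an uncommented "require ..." directive at the start of a line.
REQUIRE_RE = re.compile(r"^\s*require\s+\S+", re.IGNORECASE | re.MULTILINE)

def has_require(htaccess_path):
    """True if the .htaccess file contains an uncommented 'require' directive."""
    with open(htaccess_path, encoding="utf-8", errors="replace") as fh:
        return bool(REQUIRE_RE.search(fh.read()))

def protected_scripts(web_root):
    """Return sorted (direct_path, cgiwrap_path) pairs for scripts under protected dirs."""
    protected_dirs, found = [], []
    # os.walk is top-down, so a parent's .htaccess is seen before its children.
    for dirpath, dirnames, filenames in os.walk(web_root):
        inherited = any(dirpath.startswith(p + os.sep) for p in protected_dirs)
        own = ".htaccess" in filenames and has_require(os.path.join(dirpath, ".htaccess"))
        if own and not inherited:
            protected_dirs.append(dirpath)
        if not (own or inherited):
            continue
        for name in filenames:
            if name.endswith(SCRIPT_EXTS):
                rel = os.path.relpath(os.path.join(dirpath, name), web_root)
                url = "/" + rel.replace(os.sep, "/")
                found.append((url, CGIWRAP_PREFIX + url))
    return sorted(found)

def build_sample_tree(root):
    """Constructed sample tree: robo/info is protected, robo/open is not."""
    info = os.path.join(root, "robo", "info")
    os.makedirs(os.path.join(info, "archive"))
    os.makedirs(os.path.join(root, "robo", "open"))
    with open(os.path.join(info, ".htaccess"), "w") as fh:
        fh.write('AuthName "Robo Members"\nAuthType Basic\n'
                 "<Limit GET PUT POST>\nrequire valid-user\n</Limit>\n")
    for rel in ("robo/info/who.pl", "robo/info/archive/list.cgi", "robo/open/hello.pl"):
        with open(os.path.join(root, *rel.split("/")), "w") as fh:
            fh.write("#!/usr/bin/perl\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for direct, wrapped in protected_scripts(tmp):
            print(f"{direct}  ->  also check {wrapped}")
```

After any configuration change, request each listed cgiwrap path on your own server without credentials and confirm that it answers with a 401 rather than the script output.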