in reply to cgi apps, is it bad juju to pile program and conf file, template, etc under one directory in cgi-bin?

The risk of having everything under a directory the Web server contains is that they may be accessible in surprising ways. For example, if your configuration contains database passwords and it's in a directory the server treats as HTML, anybody can get your passwords by simply loading that file. Similarly, if you put utility libraries in a directory where the Web server expects CGI scripts, the libraries can be run by Web clients.

One way around that would be to install everything in one directory outside the Web server's area, then use symlinks to link in the parts that should be available on the Web.

Another way is to put all support files in a subdirectory, and put a .htaccess file that will block access (though that will only work under Apache).

Yet another way is to have a smart installer run one time via the Web, which will figure out where things should go and put them there, then disable itself. I've seen that approach used before, most often in PHP scripts, and it makes it very easy to get things installed quickly.
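An added example, not part of the original post: a small audit for the layout risk described above. It walks a web-exposed directory and lists support files (config, templates, libraries) that sit there without a deny-all `.htaccess` covering them. The extension list, function names and sample tree are assumptions made for illustration.

```python
import os
import re
import tempfile

SCRIPT_EXT = {".cgi", ".pl"}  # assumed entry-point extensions, not from the thread
# Apache 2.4 and 2.2 spellings of "block everything"
DENY_RE = re.compile(r"^\s*(Require\s+all\s+denied|Deny\s+from\s+all)\s*$", re.I | re.M)

def htaccess_denies(directory, root):
    """True if directory, or a parent up to root, has a deny-all .htaccess.
    This cannot tell whether the server honours .htaccess at all."""
    d, root = os.path.abspath(directory), os.path.abspath(root)
    while True:
        ht = os.path.join(d, ".htaccess")
        if os.path.isfile(ht):
            with open(ht) as fh:
                if DENY_RE.search(fh.read()):
                    return True
        if d == root:
            return False
        d = os.path.dirname(d)

def audit(root):
    """Return relative paths of non-script files left reachable under root."""
    exposed = []
    for dirpath, _dirs, files in os.walk(root):
        if htaccess_denies(dirpath, root):
            continue
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            if name != ".htaccess" and ext not in SCRIPT_EXT:
                exposed.append(os.path.relpath(os.path.join(dirpath, name), root))
    return sorted(exposed)

def build_sample(root):
    """Constructed sample layout: one script, a config, a library, a template."""
    layout = {"app.cgi": "#!/usr/bin/perl\n", "db.conf": "password=EXAMPLE\n",
              "lib/.htaccess": "Require all denied\n", "lib/Util.pm": "package Util; 1;\n",
              "tmpl/page.tmpl": "<html></html>\n"}
    for rel, body in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for rel in audit(tmp):
            print("reachable support file:", rel)
```

On the constructed tree, `lib/Util.pm` is covered by its `.htaccess`, while `db.conf` and `tmpl/page.tmpl` are reported.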

Re^2: cgi apps, is it bad juju to pile program and conf file, template, etc under one directory in cgi-bin?
by friedo (Prior) on Oct 06, 2006 at 19:07 UTC

    Another way is to put all support files in a subdirectory, and put a .htaccess file that will block access (though that will only work under Apache).

    ...And only if .htaccess is turned on to begin with.

Re^2: cgi apps, is it bad juju to pile program and conf file, template, etc under one directory in cgi-bin?
by bibliophile (Prior) on Oct 06, 2006 at 17:39 UTC
    Ah, yes. I should have mentioned that I am (or at least *think* I am!) controlling access to the directories through Apache conf.

    Thanks for making that clear :-)