httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <>
Subject RE: install script and CGIs
Date Mon, 31 Jan 2000 22:59:43 GMT
> > | Suggestions on the best way to have them not installed so 
> > | they can be run by default?  Confusing users by setting the 
> > | permissions to non-executible isn't a good idea, especially 
> > | since it isn't cross-platform.
> > 
> > It seems like they belong in some sort of "examples" directory,  
> > but we don't have one of those.  We could have cgi-bin/examples 
> > with a README.  Can we drop a .htaccess file there that 
> > disables CGI?
> No, because .htaccess files are disabled.  <g>  
> There is a cgi-src directory (well, only in CVS since it is 
> empty) that used to contain other random exploitable programs.
> Guess we could move them there...
Seems a majority of Q's are about cgi-bin access.  I agree it must
be executable from installation.  But won't there be as many Q's
of 'why won't my script/app execute from cgi-src'?  Seems another
fitting name, such as cgi-hazmat, should be provided for poor CGI
examples.  On the other hand, why provide hazardous samples in
the first place?

View raw message