Chris Travers wrote, On 12/13/2006 10:51 PM:
> I favor the idea of a post-install configure script. Obviously we
> don't want it in the web directory :-)
>
Now that you mention it: Couldn't/shouldn't all CGI entry points be moved to
a cgi-bin folder and Apache be configured to execute CGI in that folder
only? I consider it very unsafe to put scripts not intended to be CGI
scripts (or even worse: writable folders) in CGI-enabled folders. As it
is now, Apache access control has to do a dirty and
too-risky-to-be-trusted job! It is not obvious to me that no dangerous
scripts can be executed through CGI.
IMHO ;-)
/Mads
PS: I have been playing around with something like the following.
Instead of taking a "give access and make exceptions" approach, I try to
give exactly the needed access. But it gets quite complicated, and it is
obvious that reorganizing the directory structure would be simpler (and
thus less error-prone).
# Mapping from url to file system
Alias /ledger-smb/css xxx/css
Alias /ledger-smb/templates xxx/templates
Alias /ledger-smb/doc/LedgerSMB-manual.pdf xxx/doc/LedgerSMB-manual.pdf
Alias /ledger-smb/locale xxx/locale
Alias /ledger-smb xxx/
# Access to htdocs/CGI dir
<Directory xxx>
AddHandler cgi-script .pl
Options ExecCGI
Order Allow,Deny
Deny from All
<FilesMatch "^$|\.(png|ico|pl|html)$">
Order Deny,Allow
Allow from All
</FilesMatch>
</Directory>
# No automatic access to sub dirs of htdocs/CGI
<Directory xxx/*>
<Files "*">
Order Allow,Deny
Deny from All
</Files>
</Directory>
# Access to splash
<Directory xxx/doc/locale>
<Files "*">
Order Deny,Allow
Allow from All
</Files>
</Directory>
# Access to manual
<Directory xxx/doc>
<Files "*">
Order Deny,Allow
Allow from All
</Files>
</Directory>
# Access to (customized) css
<Directory xxx/css>
<Files "*">
Order Deny,Allow
Allow from All
</Files>
</Directory>
# Access to (customized) templates
<Directory xxx/templates>
<Files "*">
Order Deny,Allow
Allow from All
</Files>
</Directory>
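
The reorganized layout suggested in the message above, written out as an added example; it is not part of the original message and is not the LedgerSMB project's configuration. It keeps the Apache 2.2 access syntax and the "xxx" placeholder used in the post; the directory names xxx/cgi-bin and xxx/htdocs are assumptions.

```apache
# Added example. "xxx" is the post's placeholder for the install path;
# xxx/cgi-bin and xxx/htdocs are assumed names for the reorganized tree.

# Only this URL prefix maps to executable scripts.
ScriptAlias /ledger-smb/cgi-bin/ xxx/cgi-bin/

# Static content. More specific aliases come before the general one.
Alias /ledger-smb/css       xxx/htdocs/css
Alias /ledger-smb/templates xxx/htdocs/templates
Alias /ledger-smb           xxx/htdocs

# Default for the whole tree: nothing served, nothing executed,
# no per-directory overrides through .htaccess.
<Directory xxx>
    Options None
    AllowOverride None
    Order Allow,Deny
    Deny from All
</Directory>

# CGI entry points. ScriptAlias already treats every file here as a
# CGI script, so no AddHandler or ExecCGI is set anywhere else.
# This directory should not be writable by the web server user.
<Directory xxx/cgi-bin>
    Order Deny,Allow
    Allow from All
</Directory>

# Static files, including the customizable css and templates:
# readable, never executed, even if a .pl file ends up in here.
<Directory xxx/htdocs>
    Options None
    # Guard against a server-wide "AddHandler cgi-script .pl".
    RemoveHandler .pl
    Order Deny,Allow
    Allow from All
</Directory>
```

With this split, the execute permission follows one directory instead of a file-name pattern, so the per-subdirectory exceptions from the configuration in the post are no longer needed. Entry-point URLs move under /ledger-smb/cgi-bin/.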
_______________________________________________
Ledger-smb-devel mailing list
..hidden..
https://lists.sourceforge.net/lists/listinfo/ledger-smb-devel