darwin mc?
Dave Cragg
dcragg at lacscentre.co.uk
Thu Jan 9 05:24:01 EST 2003
At 11:09 am -0500 8/1/03, Richard MacLemale wrote:
>It's the metacard engine for Darwin. You can slap it into your
>CGI-EXECUTABLES folder and then write MetaTalk scripts to do cool CGI stuff.
Changing topic slightly...
I've seen a number of recommendations recently to put the mc cgi
engine in the same folder as the cgi scripts themselves. Is there any
possible security issue with this?
For example, there are many warnings on the Web not to put the Perl
engine for Win32 systems in the public cgi-bin directory. The reason
is that the executable can be called directly from a url reference
and a script passed as a parameter, allowing all kinds of untold
damage to be done. I was wondering whether something equally devious
was feasible with Metacard. While I haven't found a way to expoit
this myself, I'd love the reassurance that it was perfectly safe
approach.
Cheers
Dave
More information about the metacard
mailing list