Rev cgi install + potential problem with cgi tutorial

jbv jbv.silences at Club-Internet.fr
Thu May 6 14:29:03 EDT 2004


Hi folks,

You probably remember my posts from last week about
the problems I was facing while trying to install Rev cgi
on a Linux server.

I'm happy to say that these problems have been solved,
and I thought some of you could be interested in knowing
what was wrong.
Actually the main reason why Rev cgi wasn't running
properly (not running at all in fact) was because the server
configuration had been carefully set to prevent any executable
to launch from the cgi-bin folder.

The local Linux expert who halped me on this issue told me
that a few rules should be followed, for instance :
- it looks like a BAD IDEA to install the cgi engine and the scripts
in the same folder (it might open a serious SECURITY HOLE in
Apache), and any well-configured server doesn't allow that;
- it is a good idea to set privileges of the scripts files (and of the
directories in which they are installed) so that only the cgi
engine (that is supposed to run them) can run them;
- if your cgi scripts are supposed to create / delete folders & files,
it is a good idea to allow these operations in a special directory,
and to set privileges so that only your engine and your scripts
could do it.

We actually spent a couple of hours setting and testing everything,
and now everything runs fine.

I don't think I'm overreacting on this topic (although I don't want
to scare anyone) but I have the strong feeling that if you want to
use Rev cgi for some serious / professional project (and not only
some home experiments), you should be wise to take all these security
issues into consideration, and ask for advice from a Linux specialist.

For that reason, I think that the installation part of the cgi tutorial
should be re-written, and should include more detailed advices about
the installation procedure.

Best,
JB



More information about the use-livecode mailing list