Rev cgi install + potential problem with cgi tutorial

Pierre Sahores psahores at easynet.fr
Thu May 6 15:39:15 EDT 2004


Le 6 mai 04, à 20:29, jbv a écrit :

> Hi folks,
>
> You probably remember my posts from last week about
> the problems I was facing while trying to install Rev cgi
> on a Linux server.
>
> I'm happy to say that these problems have been solved,
> and I thought some of you could be interested in knowing
> what was wrong.
> Actually the main reason why Rev cgi wasn't running
> properly (not running at all in fact) was because the server
> configuration had been carefully set to prevent any executable
> to launch from the cgi-bin folder.
>
> The local Linux expert who halped me on this issue told me
> that a few rules should be followed, for instance :
> - it looks like a BAD IDEA to install the cgi engine and the scripts
> in the same folder (it might open a serious SECURITY HOLE in
> Apache), and any well-configured server doesn't allow that;
> - it is a good idea to set privileges of the scripts files (and of the
> directories in which they are installed) so that only the cgi
> engine (that is supposed to run them) can run them;
> - if your cgi scripts are supposed to create / delete folders & files,
> it is a good idea to allow these operations in a special directory,
> and to set privileges so that only your engine and your scripts
> could do it.
>
> We actually spent a couple of hours setting and testing everything,
> and now everything runs fine.
>
> I don't think I'm overreacting on this topic (although I don't want
> to scare anyone) but I have the strong feeling that if you want to
> use Rev cgi for some serious / professional project (and not only
> some home experiments), you should be wise to take all these security
> issues into consideration, and ask for advice from a Linux specialist.
>
> For that reason, I think that the installation part of the cgi tutorial
> should be re-written, and should include more detailed advices about
> the installation procedure.
>
> Best,
> JB
>
> _______________________________________________
> use-revolution mailing list
> use-revolution at lists.runrev.com
> http://lists.runrev.com/mailman/listinfo/use-revolution
>



More information about the use-livecode mailing list