Rev CGI argumets for ISP

[J. Landman Gay]

Malte Brill wrote:
> Thanks for your replies. That is a good starting point. What I am 
> exactly after is some kind of pros and cons list that goes into detail 
> on stability and security. Maybe some ISPs experiences things that went 
> good or wrong. Perhaps a list with succesfull uses of revCGI.

In a discussion about this a few years ago, Scott Raney said that he 
couldn't think of any insecurities with CGIs that were innate to the 
engine. There aren't any loopholes per se; the problems would be only in 
your scripts. Your CGI scripts should not parse parameters 
indisciminately -- instead, they need to check that params are correct 
and only act if that is the case. In other words, your scripts might 
allow indiscriminate access, but the engine doesn't.

> Jaque wrote:
> 
>  >The good part is that you don't have to know ahead of time. The CGI
>  >script will error and then you check the error log. The missing
>  >libraries will be listed there, so all you have to do is holler at the
>  >ISP and tell them to get those installed.
> 
> This is interesting. Where is the error log stored? Will I have access 
> to it? Or is it something only the ISP will see.

It depends on your ISP, but every one I've ever had gave me access to 
the error log. My ISP has an entry in my control panel online where I 
can see it. You'll have to ask where your provider keeps it, but I am 
fairly sure you can have access. It is a normal part of debugging a web 
site.

-- 
Jacqueline Landman Gay         |     jacque at hyperactivesw.com
HyperActive Software           |     http://www.hyperactivesw.com