MC on Apache and CGI
jbv
jbv.silences at club-internet.fr
Sun Dec 8 13:44:01 EST 2002
Pierre,
> It's, basicaly, two ways you can install mc to have it running behind
> Apache.
>
> 1.- As a simple cgi engine : just drop the mc engine where you want (but
> not in a directory where any bad guy will expect to find it) and add the
> right path head your mc-cgi scripts, alike "#!/the path/mc". Verify that
> the right permissions are ok to let the cgis lauchables by the mc engine
> and it will be ok.
>
That's what has been done (AFAIK) and it works OK.
Although your comments raise a few important questions that
I'll have to discuss with the UNIX guy :
- what is the best directory to drop the mc engine so that
no bad guy finds it ?
- and what can happen if any bad guy finds it ?
- is there anything specific that can be done (by a bad guy) with MC
as a simple cgi engine that can't be done with a php or perl engine ?
- does it have to do with the presence of a "wrapper" (I've seen
that word at times in articles / discussions about cgi engines) ?
- are there any safety measures to take to prevent that ?
And as for permissions : I know that the right permissions have
to be set to mc-cgi scripts and text files used by those scripts, but
have the feeling that there must be some specific other permissions to
set in the Apache configuration to allow mc-cgi scripts to be triggered
by external requests... If yes, can those permissions be set for one
domain name only ?
More on this issues, please...
Thanks a lot,
JB
More information about the metacard
mailing list