SPUG: setuid & CGI security (was: site clutter)

Alex Algard algard at cardomain.com
Tue Jun 26 02:22:58 CDT 2001


> If one forgets to put an "index.html" in ones cgi-bin you can get a lot
> of insight to the cgi structure of the server by browsing the cgi-bin
> directory. It is a very common mistake. I have used this myself to learn
> more about how a website is structured.

Definitely disable autoindexing by default, and then enable it selectively
on a per-directory basis as needed (just since it's such a "very common
mistake").

________________________
Alex Algard
CarDomain Networks, Inc.
425-820-2244 x111 | fax: 425-820-5951
algard at cardomain.com


 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
     POST TO: spug-list at pm.org       PROBLEMS: owner-spug-list at pm.org
      Subscriptions; Email to majordomo at pm.org:  ACTION  LIST  EMAIL
  Replace ACTION by subscribe or unsubscribe, EMAIL by your Email-address
 For daily traffic, use spug-list for LIST ;  for weekly, spug-list-digest
  Seattle Perl Users Group (SPUG) Home Page: http://www.halcyon.com/spug/





More information about the spug-list mailing list