-----BEGIN PGP SIGNED MESSAGE-----
On Tue, 15 Oct 1996, Eric J. Hansen wrote:

> Note that this solution only works when your HTTP server has access to
> files outside of the www document tree (i.e., it does not do a chroot),
> and by the same measure, may create a security hole - caveat programmer.

One other tip that I have found particularly useful in this
regard...even if your server doesn't do a chroot()...

Instead of moving the files outside of the protected web
hierarchy, just turn the permissions for the public off. That way, you
have your files inside the allowed filespace, but unable to be browsed by
the web. When you want someone to see some of that data, just include it
via SSI or CGI (Apache will soon let you control who CGI and SSI execute
as...check it out in the first betas of 1.2).

> Now, another issue: do you let people subscribe via a WWW/CGI script?

Yes, providing they type in their return email address. I do not
rely upon their browser for this at all. I have a quick form that takes
their email address and properly formats a subscribe request for the list
they picked on the form. Quite handy. Someday I'll have to write an
unsub tool, though...I do get a lot of clueless "How do I unsubscribe"
messages. 8) (I would say "read the welcome letter", but we all know no
one ever reads/keeps those.)

Jason
+ Jason A. Dour jad@bcc.louisville.edu +
| Programmer Analyst II http://www.louisville.edu/~jadour01/ |
| Dept. of Radiation Oncology Finger for Geek Code, PGP Public Key,|
+ University of Louisville PJ Harvey info, and other stuff... +
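
The subscribe form described in the message above, sketched as an added example (not the poster's script): the list name is checked against a fixed set and the typed address is validated strictly before either value is placed in the request. The list names, the addresses and the `subscribe <list> <address>` body format are assumptions.

```python
import re
from email.message import EmailMessage

# Constructed values for illustration; none of these come from the original post.
ALLOWED_LISTS = {"announce", "users"}      # lists offered on the form
REQUEST_ADDR = "listserver@example.org"    # placeholder list-manager address
FORM_SENDER = "webform@example.org"        # placeholder sender for the CGI

# Conservative pattern: the local part starts with an alphanumeric (so the
# value can never be read as a command-line option), and no whitespace,
# control characters or shell metacharacters are allowed anywhere.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
_ADDR_RE = re.compile(
    r"[A-Za-z0-9][A-Za-z0-9._%+-]{0,63}@" + _LABEL + r"(?:\." + _LABEL + r")+"
)


class BadRequest(ValueError):
    """Raised when a form field fails validation."""


def build_subscribe_request(list_name: str, address: str) -> EmailMessage:
    """Return the mail a subscribe form would send to the list manager."""
    # The list comes from a fixed set, never from free text, so a crafted
    # field cannot smuggle a second command into the request.
    if list_name not in ALLOWED_LISTS:
        raise BadRequest("unknown list")
    # fullmatch() rejects a trailing newline, which match() with '$' allows.
    if len(address) > 254 or not _ADDR_RE.fullmatch(address):
        raise BadRequest("invalid address")

    msg = EmailMessage()
    msg["From"] = FORM_SENDER
    msg["To"] = REQUEST_ADDR
    msg["Subject"] = f"subscribe {list_name}"
    # Assumed command format: one line, "subscribe <list> <address>".
    msg.set_content(f"subscribe {list_name} {address}\n")
    return msg


if __name__ == "__main__":
    print(build_subscribe_request("users", "alice@example.com"))
```
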