Hi,
Hope someone can help me out.
I've set DBMan up fine on my own server. Now I'm moving it to the ISP server I have what I think is a problem.
In the Readme it says:
The only file that should be accessible from the net is db.cgi.
All requests to the script will go through db.cgi, and letting people
view the password file or auth directory is a major security risk
(risk to DBMan's built in security, not to the security of the system).
You can get by, by making sure Directory Indexing is off (and rename
the files, security through obfuscation) or by placing all the files
in a cgi-bin directory (preferred).
My ISP says:
Scripts have to be placed in a directory within your public_html dir.
I've tried placing all the Links files except db.cgi in a directory but I keep getting Can't locate default.cfg in @INC errors, and can't work out where to modify the path when the files are in different locations like this. Anyway, many of the other files are also scripts so I think this solution might not work anyway. But if I put all the files inside public_html won't they then become 'accessible from the web' with all the implications??? Security is very important for what I'm trying to do.
The URL is http://www.siliconweb.ie/scripts/jobcentre/db.cgi
A huge thank you to anyone who can advise me on how to proceed.
BC
[This message has been edited by Bruce Coker (edited June 26, 1999).]
Hope someone can help me out.
I've set DBMan up fine on my own server. Now I'm moving it to the ISP server I have what I think is a problem.
In the Readme it says:
The only file that should be accessible from the net is db.cgi.
All requests to the script will go through db.cgi, and letting people
view the password file or auth directory is a major security risk
(risk to DBMan's built in security, not to the security of the system).
You can get by, by making sure Directory Indexing is off (and rename
the files, security through obfuscation) or by placing all the files
in a cgi-bin directory (preferred).
My ISP says:
Scripts have to be placed in a directory within your public_html dir.
I've tried placing all the Links files except db.cgi in a directory but I keep getting Can't locate default.cfg in @INC errors, and can't work out where to modify the path when the files are in different locations like this. Anyway, many of the other files are also scripts so I think this solution might not work anyway. But if I put all the files inside public_html won't they then become 'accessible from the web' with all the implications??? Security is very important for what I'm trying to do.
The URL is http://www.siliconweb.ie/scripts/jobcentre/db.cgi
A huge thank you to anyone who can advise me on how to proceed.
BC
[This message has been edited by Bruce Coker (edited June 26, 1999).]