Hi,
Hope someone can help me out.

I've set DBMan up fine on my own server. Now I'm moving it to the ISP server I have what I think is a problem.

In the Readme it says:

The only file that should be accessible from the net is db.cgi.
All requests to the script will go through db.cgi, and letting people
view the password file or auth directory is a major security risk
(risk to DBMan's built in security, not to the security of the system).
You can get by, by making sure Directory Indexing is off (and rename
the files, security through obfuscation) or by placing all the files
in a cgi-bin directory (preferred).

My ISP says:

Scripts have to be placed in a directory within your public_html dir.

I've tried placing all the Links files except db.cgi in a directory but I keep getting Can't locate default.cfg in @INC errors, and can't work out where to modify the path when the files are in different locations like this. Anyway, many of the other files are also scripts so I think this solution might not work anyway. But if I put all the files inside public_html won't they then become 'accessible from the web' with all the implications??? Security is very important for what I'm trying to do.

The URL is http://www.siliconweb.ie/scripts/jobcentre/db.cgi

A huge thank you to anyone who can advise me on how to proceed.

BC

[This message has been edited by Bruce Coker (edited June 26, 1999).]

Do you have a cgi-bin or are your scripts all executable from any directory? When you ftp in to your server are you placed directly in the public_html directory or are you in a directory outside of it?

I'm not sure what you are trying to do here. Are you setting up the "Links" script? You might get better help in one of the "Links" forums. There would be more folks who know about Links in that forum than there would be here.


------------------
JPD

Sorry for the confusion - I'm trying to set up dbman - just had a slip of the brain after a long day...

Firstly - when I connect to the server I'm placed in a directory of my own one level above public_html. My scripts are executable from any directory, but my ISP (digiweb.com) specifies that the directory I use for them must be inside public_html (and must not be called cgi-bin). I have created a directory called public_html/scripts for this purpose and given it execute permissions.

Secondly - as I say, it's dbman I'm having the problems with. I'm trying to conform to my ISP's requirement of putting my scripts below public_html and also with dbman's requirement of only having db.cgi accessible from the net.

Hope this clarifies things.

BC

Bruce,

the db.cgi file is the only one that is actually 'executed' the rest are configuration and info files(log,pw,cfg, etc.) so putting these in your directory below the public_html directory should not cause your isp any concerns. You can configure all of the paths in default.cfg

Mike

Thank you - I was just being really dumb. Now I see that if $db_scipt_path points to the right place everything works. I thought it had to point to the db.cgi location!

This forum is really excellent.

Cheers,
BC