On Mon, Apr 02, 2001 at 04:32:34PM -0500, Robert A. Jacobs wrote: > Caveats: This is not the most secure solution in the world. If you do not > personally know your users, as I do, and/or you do not trust them, I suggest > you stick with the Apache recommended approach of creating a cgi-bin and/or > perl-bin directories and only allow cgi's served out of those directories. > Since my webserver is for development purposes, I wanted greater flexibility.
You should never allow mod_perl access to people you don't trust unless you are prepared to run an unpriviledged instance of apache for each mod_perl user. This gets ugly in a hurry since you have to do proxy or redirects from the port 80 apache. -- Nathan Norman - Staff Engineer | A good plan today is better Micromuse Ltd. | than a perfect plan tomorrow. mailto:[EMAIL PROTECTED] | -- Patton
pgpdJ50HwNfnU.pgp
Description: PGP signature
