On Wed, 30 Oct 2002, Gilles Detillieux wrote:

> I believe /etc/htdig.conf is what Red Hat's RPM of htdig uses. More sane
> packages would use /etc/htdig/htdig.conf, recognizing that you can have
> more than one config file in CONFIG_DIR, accessible by htsearch, so it
> doesn't make sense to set CONFIG_DIR to /etc.

Actually, come to think of it, this is a potential security problem--since htsearch is tied to CONFIG_DIR, you could try to get htsearch to read other files in /etc. Now, it may not be easily exploitable, but on a RH 8.0 setup, I see lots of *.conf files, some of which I wouldn't want a CGI to attempt to read. I'll try to think about how nasty that could get, but it certainly seems a much safer idea to stick to /etc/htdig or some other non-important directory!

--
-Geoff Hutchison
Williams Students Online
http://wso.williams.edu/

_______________________________________________
htdig-general mailing list
FAQ: http://htdig.sourceforge.net/FAQ.html
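The concern raised in this message can be checked on a given host with a small audit. The sketch below is an added example, not code from the post or from ht://Dig. It assumes the CGI resolves a requested name to `CONFIG_DIR/<name>.conf` (suggested by the mention of `*.conf` files above); the function names and the sample file names are constructed for illustration.

```python
import os
import tempfile

# Assumption (not stated on the page): a request selects a config by name and
# the CGI opens CONFIG_DIR/<name>.conf.

def reachable_configs(config_dir):
    """Names a request could select: every readable *.conf directly in config_dir."""
    names = []
    for entry in sorted(os.listdir(config_dir)):
        stem, ext = os.path.splitext(entry)
        path = os.path.join(config_dir, entry)
        if ext == ".conf" and os.path.isfile(path) and os.access(path, os.R_OK):
            names.append(stem)
    return names

def unintended(config_dir, search_configs):
    """Reachable names that are not search configurations the admin intended."""
    return [n for n in reachable_configs(config_dir) if n not in search_configs]

def build_sample_tree(root):
    """Constructed stand-in for /etc and /etc/htdig; contents are placeholders."""
    shared = os.path.join(root, "etc")
    dedicated = os.path.join(shared, "htdig")
    os.makedirs(dedicated)
    layout = (
        (shared, ["htdig.conf", "resolv.conf", "syslog.conf", "passwd"]),
        (dedicated, ["htdig.conf", "intranet.conf"]),
    )
    for directory, files in layout:
        for name in files:
            with open(os.path.join(directory, name), "w") as fh:
                fh.write("# constructed sample\n")
    return shared, dedicated

def demo():
    """Compare CONFIG_DIR set to the shared directory vs. a dedicated one."""
    with tempfile.TemporaryDirectory() as root:
        shared, dedicated = build_sample_tree(root)
        intended = {"htdig", "intranet"}
        return unintended(shared, intended), unintended(dedicated, intended)

if __name__ == "__main__":
    in_shared, in_dedicated = demo()
    print("CONFIG_DIR=<root>/etc       unintended:", in_shared)
    print("CONFIG_DIR=<root>/etc/htdig unintended:", in_dedicated)
```

Run `unintended()` as the web server's user against the real CONFIG_DIR to see which non-search files share the directory the CGI reads from.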

