cgi-bin files can be viewed with direct url

 
jtc970
Posted: Tue Aug 19, 2003 7:02 pm    Post subject: cgi-bin files can be viewed with direct url

I need to hide my dat files from being viewed on a browser
they are in cgi-bin\blahblah\file.dat
someone got my password and changed it
how can I stop them from seeing these files?
aprelium
Posted: Wed Aug 20, 2003 12:19 pm    Post subject: Re: cgi-bin files can be viewed with direct url

jtc970 wrote:
I need to hide my dat files from being viewed on a browser
they are in cgi-bin\blahblah\file.dat
someone got my password and changed it
how can I stop them from seeing these files?

The best thing is to put these files in a directory not reachable by web users and to change the paths in your script to point to the new file location.
_________________
Support Team
Aprelium - http://www.aprelium.com
pellinor
Posted: Thu Oct 02, 2003 10:08 pm    Post subject: Related question: how do I hide files I *CAN'T* move

Let's say I'm developing a web app or I have some code from a third party.
It's based on PHP, and the convention is that files meant to be seen have
extensions of .php, .php3, or .php4. Code snippets or code libraries have
different extensions to differentiate them, like .inc or .pclass, or whatever.

Is there a way that I can block access to these private files, should
someone else have learned the names of the files I have by looking at
that 3rd party package or by random URL guessing? As it is now, if they
know the name, they can get the server to spit the text of the code for
their perusal.

Would a good approach be to have a CGI interpreter associated with those
file extensions that would simply spit out a blank page, a 401/403 error or
even a 404 to hide those files' existence?

If so, what would be a good way to get my hands on such an interpreter.
Does something like this already exist?

M
aprelium
Posted: Sat Oct 04, 2003 1:22 pm    Post subject: Re: Related question: how do I hide files I *CAN'T* move

The best thing to do to "hide" the files with extensions inc, pclass, etc. is to associate these extensions with a non-CGI interpreter, for example, associate them with notepad.exe.
Since notepad.exe is not a CGI interpreter, the server will always report error 500 when someone tries to access these files from the web site directly.
_________________
Support Team
Aprelium - http://www.aprelium.com
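An added example, not code from the thread or from Aprelium: a Python audit that walks a document root and lists every data or include file a browser could request by direct URL, then checks that a relocated copy really sits outside the web root. The extension list, directory names and file contents are assumptions constructed from the posts above.

```python
import os
import tempfile
from pathlib import Path

# Assumed list, built from the extensions named in the posts above.
PRIVATE_EXTS = {".dat", ".inc", ".pclass"}

def exposed_files(docroot, private_exts=PRIVATE_EXTS):
    """Return sorted URL paths of private-extension files under docroot."""
    root = Path(docroot).resolve()
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            # Compare lowercased: Windows file systems ignore case in names.
            if Path(name).suffix.lower() in private_exts:
                rel = Path(dirpath, name).relative_to(root)
                hits.append("/" + rel.as_posix())
    return sorted(hits)

def is_outside_docroot(path, docroot):
    """True when path resolves to a location the web root does not contain."""
    target = Path(path).resolve()   # collapses ".." and follows symlinks
    root = Path(docroot).resolve()
    return target != root and root not in target.parents

def demo():
    """Audit a constructed site layout (all names here are made up)."""
    with tempfile.TemporaryDirectory() as tmp:
        site, private = Path(tmp, "htdocs"), Path(tmp, "private")
        (site / "cgi-bin" / "blahblah").mkdir(parents=True)
        (site / "lib").mkdir()
        private.mkdir()
        (site / "index.php").write_text("<?php ?>")
        (site / "cgi-bin" / "blahblah" / "file.dat").write_text("constructed")
        (site / "lib" / "db.INC").write_text("constructed")
        (private / "file.dat").write_text("constructed")
        # A path that leaves the web root with ".." and comes straight back in.
        dotted = site / ".." / "htdocs" / "lib" / "db.INC"
        return (exposed_files(site),
                is_outside_docroot(private / "file.dat", site),
                is_outside_docroot(dotted, site))

if __name__ == "__main__":
    found, moved_ok, dotted_ok = demo()
    print("reachable by direct URL:", found)
    print("relocated copy outside web root:", moved_ok)
    print("dotted path outside web root:", dotted_ok)
```

Every path the audit reports is a candidate for either remedy given in the replies: moving the file out of the web root, or mapping its extension so the server refuses to serve it.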
All times are GMT + 1 Hour