Script security outside /cgi-bin

Forum Moderators: coopster & phranque

Message Too Old, No Replies

Script security outside /cgi-bin

Does it matter where I put perl scripts?

treeline

7:11 pm on Jan 10, 2006 (gmt 0)

Hi,

My (shared) host lets me put perl scripts in any directory, and they work fine. Is there any security advantage to having them in /cgi-bin or is it fine to have them in an easier url like /widget?

Are there any special security steps I should take if they're in /widget? Currently posting with the GET method. These are custom written scripts, not standard.

Thanks for your help,

treeline

MichaelBluejay

2:07 am on Jan 11, 2006 (gmt 0)

I think it's actually *better* if they're not in /cgi-bin/. All day long bots are trying to look for scripts to exploit in the /cgi-bin/ directories of my domains, except too bad for them, because I don't have a /cgi-bin/ directory.

I'm no expert but I'm not aware of any special security issues involved with running your cgi from anywhere. I do it, and I certainly like that flexibility.

simon2263

7:23 am on Jan 11, 2006 (gmt 0)

I don't think there are any special security concerns about the *name* of the directory. Wherever they are, though, you do need to be careful about what the directory holds - don't put your perl scripts, for example, in the same directory as your perl interpreter!