I have an app on an asp file that searches a db based on the directoy.asp?a=#*$!x argument. It works fine with all that I need. My concern is that with my provider all asp files need to be in the cgi-bin directory and the resulting request ends up sending it to the domain name/cgi-bin/directoy.asp?a=xxxx . I don't know if there are any security issues with this or not, whether it's in the cgi-bin or not. Are there any security issues with just the app of a filename.asp?a=xxx method of retrieving data?
Thanks for any and all comments, suggestions and/or resources.
Mike
If you are not using a Microsoft IIS server, you really need to be asking this question in the correct forum, as my answer may not apply to other types of web server.
There are no security problems with restricting your ASP files to a cgi-bin directory; however, on a Microsoft Server there's no great benefit in it either.
There's nothing magical about the name "cgi-bin", it just happens to be a common name for a folder that allows executable permissions. It's perfectly possible to use another name for this or even allow every directory in your web site to allow executable permissions (although this may be a security hazard).
If you don't like having the cgi-bin in your URLs you could ask your host if they support ISAPI rewrite, which would allow you to separate your URLs from your underlying directory structure.
Thanks, just trying to be safe with a limited amount of experience on the subject.