Main Stories
Slash Boxes

Slash Open Source Project

Slashcode Log In

Log In

[ Create a new account ]

Article Poll

Poll I found this article to be
Very Helpful
Helpful
Not Helpful
Not Very Helpful
[ Results | Polls ]
Comments:0 | Votes:2

Options ExecCGI

posted by Krow on 07:54 AM September 30th, 2001   Printer-friendly   Email story
Joyce writes "It seems that the only way I can view the perl scripts connected with Slash is to have the Options +ExecCGI directive in my httpd.conf file. I have read, however, that this is a security risk. Is their any way around this?"
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
 Full
 Abbreviated
 Hidden
More | Login
Loading... please wait.
  • by Anonymous Coward
    Run IIS 4 or IIS 5. Stable, secure, fast. Windows.....

    I heard something about a virus problem, but, uncle Bill can solve anything......

  • As goofy as that subject sounds, it's true. Basically, any file extension/name that you have in your httpd.conf file that is in the parameter:

    AddHandler cgi-script

    (many people have .cgi or .pl following that)

    ..will become executable. And, well, if you have a wicked system command in there that will delete a ton of data, well, yes.. it's dangerous.

    Other than that, it's an innocent directive. My suggestion, is that if you don't want to have CGI privs in all directories for all of your servers, put a .htaccess file in that directory where you have CGIs, and add this line:

    Options +ExecCGI

    Deal-a-Neil (a la slashdot.org)