Is it better to store scripts in the cgi-bin directory, or to store them anywhere in the document tree and identify them to the server using the .cgi extension?
Although there’s nothing intrinsically dangerous about scattering CGI scripts around the document tree, it’s better to store them in the cgi-bin directory. Because CGI scripts are such potentially large security holes, it’s much easier to keep track of what scripts are installed on your system if they’re kept in a central location rather than being scattered around among multiple directories. This is particularly true in an environment with multiple Web authors. It’s just too easy for an author to inadverently create a buggy CGI script and install it somewhere in the document tree. By restricting CGI scripts to the cgi-bin directory and by setting up permissions so that only the Web administrator can install these scripts, you avoid this chaotic situation. There’s also a risk of a hacker managing to create a .cgi file somewhere in your document tree and then executing it remotely by requesting its URL. A cgi-bin directory with tightly-controlled access lessens the possibility of this h
Related Questions
- Is it better to store scripts in the cgi-bin directory, or to store them anywhere in the document tree and identify them to the server using the .cgi extension?
- How do I configure an LDAP Version 3 data store to point to Directory Server with the Access Manager schema installed?
- Can I use cgi-bin scripts in my own directory?
