On Thu, 10 Mar 2005 09:23:19 -0600, Aleksandar Milivojevic <amilivojevic@xxxxxx> wrote:

> Anyhow, I still don't see why CGI scripts/programs were not
> working out of the box when placed in /var/www/cgi-bin. This box
> is fresh install with almost default configuration. I thought
> targeted policy should allow that by default (provided
> httpd_enable_cgi is set to true, which seems to be default
> setting)? Am I the only one with this problem?

Because enabling httpd to run cgi processes presents a potential security risk that should be expressly taken rather than left to the system administrator to realize and secure after the fact?

This was (is?) one of the great problems with Microsoft products, everything is turned on by default so that Microsoft can avoid the support costs of guiding users through what they can safely enable. The excuse given is that people responsible for systems should "know" what to turn off to establish whatever level of security they are most comfortable with.

Human nature being what it is, if some process you need does not work then you will be compelled to discover how to enable it. If you do not need it then it does not need to be enabled and probably should not be. This is by far the best way to avoid those embarrassing "gotchas" that the less reputable seek to exploit. Security is always best served on a "need to" only basis.

Regards,
Jim

--
*** e-mail is not a secure channel ***
mailto:byrnejb.<token>@harte-lyne.ca
James B. Byrne          Harte & Lyne Limited
vox: +1 905 561 1241    9 Brockley Drive
fax: +1 905 561 0757    Hamilton, Ontario
<token> = hal           Canada L8E 3C3