Re: Security bug

[Rob Hartill <ro...@imdb.com>]

Doesn't ring any bells for me. I'll forward your mail to a wider
audience.

regards,
rob

>I have created a 'secure' subdirectory under cgi-bin. I use .htaccess to 
>protect that subdirectory and I stored in it a CGI executable called 
>fone_form. I can execute fone_form without any problems in 
>/cgi-bin/secure as long as I call it without parameters. If I call it 
>with parameters, I get the standarad 'Unknown file type' error message. 
>The server correctly recognizes the file as being of type 
>'application/x-httpd-cgi' but the browser does not seem to know what to 
>do with it. If I put the same application in /cgi-bin/, I can call it 
>with or without parameters. Do you have any ideas as to why it does not
>work in /cgi-bin/secure?
>
>I tried moving the 'test-cgi' script to /cgi-bin/secure. I can call it 
>with or without parameters. The only difference I see between 'test-cgi' 
>and 'fone_form' is that fone_form is a 'C' exe and 'test-cgi' is a shell 
>sctipt. 
>
>I hope you can help me in this area. I checked the known bugs list and 
>found nothing. 
>
>Thanks for your attention
>
>Najla Drooby
>ndrooby@bdm.com


-- 
Rob Hartill (robh@imdb.com)
The Internet Movie Database (IMDb)  http://www.imdb.com/
           ...more movie info than you can poke a stick at.