You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Rob Hartill <ro...@imdb.com> on 1996/07/01 15:54:31 UTC
Re: Security bug
Doesn't ring any bells for me. I'll forward your mail to a wider
audience.
regards,
rob
>I have created a 'secure' subdirectory under cgi-bin. I use .htaccess to
>protect that subdirectory and I stored in it a CGI executable called
>fone_form. I can execute fone_form without any problems in
>/cgi-bin/secure as long as I call it without parameters. If I call it
>with parameters, I get the standarad 'Unknown file type' error message.
>The server correctly recognizes the file as being of type
>'application/x-httpd-cgi' but the browser does not seem to know what to
>do with it. If I put the same application in /cgi-bin/, I can call it
>with or without parameters. Do you have any ideas as to why it does not
>work in /cgi-bin/secure?
>
>I tried moving the 'test-cgi' script to /cgi-bin/secure. I can call it
>with or without parameters. The only difference I see between 'test-cgi'
>and 'fone_form' is that fone_form is a 'C' exe and 'test-cgi' is a shell
>sctipt.
>
>I hope you can help me in this area. I checked the known bugs list and
>found nothing.
>
>Thanks for your attention
>
>Najla Drooby
>ndrooby@bdm.com
--
Rob Hartill (robh@imdb.com)
The Internet Movie Database (IMDb) http://www.imdb.com/
...more movie info than you can poke a stick at.