Hello,
On 1/26/2012 11:17 AM, Pete Helgren wrote:
> Yep. I would rather use the IFS but I think all I saw in the CGIDEBUG
> file was "cannot open file" and "permission denied" (I don't have the
> exact wording because I cleared the member). The folders and files all
> had QTMHHTTP with *RX permissions and the Apache log had nothing to add.
CGI programs do not typically run under userid QTMHHTTP. They run under
QTMHHTP1 by default. (Though my shop, and others I've worked with, like
to change this to make the user sign in and access files under their own
authority.)
> The folder I was trying to access had the following directory entry in
> the config file:
> <Directory /www/myfolder/htdocs/myapps>
> Options None
> order allow,deny
> allow from all
> </Directory>
You should NOT have this for your template files.
This is to allow the HTTP server to send the file (the IFS file in the
directory, above) to the browser. You don't want the browser to receive
this file directly, do you?
When the HTTP server calls a CGI script (aka your program) it only needs
authority to run the program. It doesn't access the file directly
(indeed, it doesn't even know there's a file involved -- some of the CGI
scripts I've written don't even use template files.)
It's your *program* (via calls to the CGISRVPGM2 service program) that
accesses the files. Program access to files works the same in CGI as it
does anywhere else... it uses the operating system's object-level security.
By opening up the /www/myfolder/htdocs/myapps directory in the Apache
config as you've done, you've made it possible for browsers to read your
template files directly without calling your program. Depending on the
environment, this could be a huge security hole.
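
The following configuration is an added example, not part of the original message: it shows the directory entry from the post beside a form that refuses direct browser requests for the template directory while still letting the server run the CGI program. The library name MYCGILIB and the /cgi-bin/ URL prefix are hypothetical.

```apache
# BEFORE (the entry quoted in the post): the directory holding the
# template files is open to every client, so a browser can request a
# template by URL without the CGI program ever being called.
#
#   <Directory /www/myfolder/htdocs/myapps>
#       Options None
#       Order allow,deny
#       Allow from all
#   </Directory>

# AFTER: direct HTTP requests for anything in the template directory
# are refused. This only governs what the HTTP server will serve; it has
# no effect on the CGI program opening the same files itself.
<Directory /www/myfolder/htdocs/myapps>
    Options None
    Order deny,allow
    Deny from all
</Directory>

# The server only needs to be allowed to run the program.
# Hypothetical mapping: /cgi-bin/NAME runs program NAME in MYCGILIB.
ScriptAliasMatch ^/cgi-bin/(.*) /QSYS.LIB/MYCGILIB.LIB/$1.PGM

<Directory /QSYS.LIB/MYCGILIB.LIB>
    Options None
    Order allow,deny
    Allow from all
</Directory>

# Whether the program can open a template is decided by object-level
# security for the user profile the CGI job runs under (QTMHHTP1 by
# default, per the reply above), not by any directive in this file.
```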