0

I received an old site from a customer that was written in perl and used CGI. The CGI files are mixed in with html files that call up a xls file as a data source.

My current hosting company says that the cgi files have to be in the cgi-bin to be executed, but the static html/html files cannnot be called from the cgi-bin directory.

How was this guy hosting these files all in the same directory?

Improve this question
2
  • 1
    Can you show the part of the code where he calls the html/xls files? Since it is probably proprietary code, you can change the filenames to something generic (but if there is a path in the filename, try to keep the path. Commented Apr 5, 2013 at 16:38
  • Do you really mean XLS files - MS Excel files? Commented Apr 5, 2013 at 16:51

1 Answer 1

Reset to default
2

It's a matter of how the web server is configured. The new hosting company is completely capable of allowing the files to all run from the same directory. However, restricting scripts to only be executable from a dedicated cgi-bin directory and not from other locations is considered in some circles to be a good security practice and the new hosting company apparently shares that belief.

In other words, when they tell you that the files have to be separated, that's "have to be" in the sense of "this is our policy", not "this is a technical limitation".

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

However the files in the cgi-bin directory are unlikely to be set to execute-only, i.e. unreadable.
This is what I figured. So I just change all the variables in the cgi script files to point to the cgi-bin directory and new httpdocs document root. took 4 hours but hey it works, thanks guys.
@Borodin: Edited to "...to only be executable from..." to ensure that nobody else parses "...to be executable only from..." as "executable-only".
Yes, I'm always careful to put "only" immediately before the thing it applies to. It's amazing how many meanings you can get out of a sentence just by shifting it around! Here I would have chosen "...restricting scripts to be only executable from a dedicated cgi-bin directory...". But there is a difference between what CGI scripts are allowed to read (which I would have thought was safe) and what the server is allowed to serve (which clearly isn't).

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.