Tek Support
2005-08-07 10:26:00 UTC
Dear Creator:
I'd just like to point out that hardcoding /cgi-bin/ into program is
perhaps a bad idea (v2.3.6).
I already have a /cgi-bin/ directory which my users/customers use.
Since I use qmail, its an obvious test for any hacker/cracker to see
if I have the /vqadmin/ installed via the default path. I don't want
that, I want it in my own administration directory with all of my
other admin tools. So I simply created a new cgi-bin scriptalias into
my apache which resides inside of my administration folder, and, I
thought I would be set.
I've been fumbling around for many hours trying to get the ACL's
working right, when it turns out its not the ACL, but that your
actually hardcoding /cgi-bin/. And even though your ./configure
allows one to set the cgibindir flag, its doesn't do much good if your
hardcoding /cgi-bin/ into the source.
I'll get by. I've edited all the .html files in your "html"
directory, and thought I was done. But still the link on the bottom
of the page for "Main VqAdmin" is still linking to cgi-bin. So now
I've found that you also have it hardcoded into "domain.c" and
"user.c". If your going to allow me to change the install folder,
then you shouldn't have it hardcoded. Thanks for the program, but
perhaps this is something you can attend to for anyone else who can't
figure out whats going on.
Not what I'd expect from a C programmer.
Thanks
TekSaPort
I'd just like to point out that hardcoding /cgi-bin/ into program is
perhaps a bad idea (v2.3.6).
I already have a /cgi-bin/ directory which my users/customers use.
Since I use qmail, its an obvious test for any hacker/cracker to see
if I have the /vqadmin/ installed via the default path. I don't want
that, I want it in my own administration directory with all of my
other admin tools. So I simply created a new cgi-bin scriptalias into
my apache which resides inside of my administration folder, and, I
thought I would be set.
I've been fumbling around for many hours trying to get the ACL's
working right, when it turns out its not the ACL, but that your
actually hardcoding /cgi-bin/. And even though your ./configure
allows one to set the cgibindir flag, its doesn't do much good if your
hardcoding /cgi-bin/ into the source.
I'll get by. I've edited all the .html files in your "html"
directory, and thought I was done. But still the link on the bottom
of the page for "Main VqAdmin" is still linking to cgi-bin. So now
I've found that you also have it hardcoded into "domain.c" and
"user.c". If your going to allow me to change the install folder,
then you shouldn't have it hardcoded. Thanks for the program, but
perhaps this is something you can attend to for anyone else who can't
figure out whats going on.
Not what I'd expect from a C programmer.
Thanks
TekSaPort