[Previous] [Next] [Index]
[Thread]
Re: NT Security (PERL)
At 12:28 PM +0000 5/17/96, Jason M. Feilbach wrote:
>I have recently read about the lack of security on Microsoft and
>Apple operating systems when using webserver software and have PERL
>services enabled. I cannot however, find any solution to the problem
>mentioned. Nor is their a workaround. The only solution is to disable
>(remove) PERL (perl.exe) which is not viable as these services are
>important. We have many NT (v3.51) servers running Netscape 1.13.
>
>The information is available on the bug at:
>http://www.perl.com/perl/news/latro-announce.htm
The problem is NOT perl, the problem is the way that perl has been
implemented on these machines. A perl binary has no place in cgi-bin! The
approprite configuration is to have the server launch the perl interpreter
on a request for foo.pl (where foo.pl is the plaintext script) much like a
UNIX-based httpd. I don't speak NT, so I can't give specifics, but the
problem is neither perl nor Apple/NT.
Rico
--
Out the 10Base-T, off the bridge, round the token-ring, past the firewall,
through the router, down the T1, over the leased line ... nothing but Net.
ecantu@uh.edu http://www.bchs.uh.edu/~ecantu/ GC at chembb@menudo.uh.edu
Department of Biochemical and Biophysical Sciences, University of Houston
Follow-Ups:
References: