Re: [htdig] htsearch and virtual webservers


Subject: Re: [htdig] htsearch and virtual webservers
From: Geoff Hutchison (ghutchis@wso.williams.edu)
Date: Tue Sep 19 2000 - 05:46:38 PDT


At 10:17 AM +0200 9/19/00, Richard van Drimmelen wrote:
>/dir/www-1/cgi-bin/htsearch -c /dir/www-1/htdig/conf/htdig.conf
>
>from the command line, everything works fine. I get various pages of
>html output (or a 'No match found').
>
>But when I run the same from my webbrowser (yes I have updated my
>search.html page and included the -c conf file option) this doesn't
>work. It gives me an error:

You should not use command-line flags from a CGI form--it can produce
security problems (since people could throw in command-line calls).

See <http://www.htdig.org/hts_form.html>

In particular, set the "config" field of the search form. This
defaults to the CONFIG_DIR directory or subdirectories inside to
minimize security risk. (The CGI is effectively chroot'ed.) If the
CONFIG_DIR was not set correctly when you compiled, you will want to
change it and recompile. Probably the easiest way to do this in 3.1.5
is to edit the CONFIG file in your source directory.

--
-Geoff Hutchison
Williams Students Online
http://wso.williams.edu/

------------------------------------ To unsubscribe from the htdig mailing list, send a message to htdig-unsubscribe@htdig.org You will receive a message to confirm this. List archives: <http://www.htdig.org/mail/menu.html> FAQ: <http://www.htdig.org/FAQ.html>



This archive was generated by hypermail 2b28 : Tue Sep 19 2000 - 05:54:21 PDT