Hello!

I had also the famous problem with protecting admin dir with .htaccess, server was not reading .htaccess in cgi-bin. Anyway, now I put all the cgi dir of links to htdocs dir on my server and enabled it to run cgi scripts from there. Now, I can pwd protect admin dir with .htaccess

Before doing this, I checked FAQs of my hosting, and they say: "For security reasons, we recommend that you run your CGI programs from the provided cgi-bin directory" and "although we discourage the use of CGI programs outside of the cgi-bin, you can do so through the use of a .htaccess file". So, that's what I did.

Why do they "discourage the use of CGI programs outside of the cgi-bin"?

Did I make my links less secure while trying to make it more secure?

Cheers!

There is nothing special about "cgi-bin". It doesn't matter what you call it or where it's located. It used to be that most servers would only run scripts located in a directory specified in an Apache configuration file. However, it is considered good practice to keep all your scripts in a designated directory unless you have some special reason to do otherwise, and to use .htaccess to prevent users from accessing things they shouldn't or don't need to (ie, on my site I used to have a single user accessible file: index.cgi, which built my pages dynamicly from a database and templates).

--Philip
Links 2.0 moderator