[osgeo4w-dev] /cgi-bin aliased to /bin - are we exposing too much?

Frank Warmerdam warmerdam at pobox.com
Thu Mar 20 19:00:00 EDT 2008


Currently OSGeo4W's apache and mapserver are packaged such that /cgi-bin
is aliased to C:\OSGeo4W\bin which means that all .exe and dll files are
exposed through the web server.  I'm somewhat concerned that this is not
a very safe arrangement.  Why expose stuff like gdalinfo.exe by default
for instance?

On the other hand, I don't want to duplicate stuff like libmap.dll
in a cgi-bin directory and the main /bin directory if I can avoid it.

I'm not very savvy about Apache configuration, but I guess my question whether
there is a way of handling this gracefully?

Best regards,
I set the clouds in motion - turn up   | Frank Warmerdam, warmerdam at pobox.com
light and sound - activate the windows | http://pobox.com/~warmerdam
and watch the world go round - Rush    | President OSGeo, http://osgeo.org

More information about the osgeo4w-dev mailing list