[osgeo4w-dev] /cgi-bin aliased to /bin - are we exposing too much?
Daniel Morissette
dmorissette at mapgears.com
Mon Mar 24 14:41:55 EDT 2008
Frank Warmerdam wrote:
> Folks,
>
> Currently OSGeo4W's apache and mapserver are packaged such that /cgi-bin
> is aliased to C:\OSGeo4W\bin which means that all .exe and dll files are
> exposed through the web server. I'm somewhat concerned that this is not
> a very safe arrangement. Why expose stuff like gdalinfo.exe by default
> for instance?
>
I am also of the opinion that the /bin and /cgi-bin dirs should be separate.
In the early days of MS4W, the objective was to have a package that you
could simply unzip and have ready to run without additional
configuration, so we used to put all CGI binaries and DLLs in the
cgi-bin directory for simplicity. Since the original plan was only to
publish CGI programs, not command-line utils, that was not a problem.
If over time command-line utils were placed in that same dir then that
could be a problem and I believe a better solution needs to be worked
out for OSGeo4W.
> On the other hand, I don't want to duplicate stuff like libmap.dll
> in a cgi-bin directory and the main /bin directory if I can avoid it.
>
Since we have an installer now (and not just a zip file to unzip like
the old MS4W), we should be able to set PATH appropriately when running
in a OSGeo4W context (in the web server and in a DOS window). This would
allow us to put only the CGI programs in cgi-bin (and no DLLs), and put
all the other command-line binaries, as well as all DLLs in a /bin
directory which is added to the local OSGeo4W path (and not to the
overall system path).
> I'm not very savvy about Apache configuration, but I guess my question
> whether
> there is a way of handling this gracefully?
>
You can set the PATH variable and pass it to CGI scripts in Apache using
the PassEnv directive in httpd.conf. FGS passes the LD_LIBRARY_PATH this
way on Linux.
The biggest problem might be to make this work with IIS though. I don't
know it enough to tell if setting a local PATH is possible in IIS.
Daniel
--
Daniel Morissette
http://www.mapgears.com/
More information about the osgeo4w-dev
mailing list