cgi-bin security question
Hello all!
I know a little bit about setting up apache, and very little about cgi-scripts. Now I'm installing qmailadmin on my system, but I don't want anyone other than the postmaster to be able to login to it. That's because I don't want just anyone logging in to qmailadmin and setting their own autoresponders, forwards, etc.
Now qmailadmin resides in /var/www/cgi-bin/ so, if I had the following for my cgi-bin directory in httpd.conf, I think it should work. Are there any things I'm missing out? Security/permission loopholes?
<Directory "/var/www/cgi-bin">
Options None
AuthType Basic
AuthUserFile /usr/etc/mail.passwd
AuthName Qmailadmin
require valid-user
satisfy any
</Directory>
Thanks in advance
ghammer
|