Why a CGI-BIN? ||-

sfullman

Hi,

I'm already getting to be proficient in scripting PHP but I have so many questions about fundamental programming because I didn't work with computers in college.

Right now two of my biggest concerns are security and scalability, as my database projects are getting larger and larger. I figure if I'm going to do projects on this level, I need to know my subject matter intimately.

My question regards why it is often common to have a cgi-bin outside of the root directory of a website, and create an alias to that folder in the root, thus redirecting all cgi-bin/whatever.what files to the cgi-bin folder.

Other than the fact that this keeps the physical files out of the root, is there any other advantage to this strategy? Do I really need a special folder for any particular scripts?

Anyone with insight plus security discussion websites for the lay person would be profoundly appreciated and valued.

Thank you,
Sam Fullman
Compass Point Media

nashirak

This is a quote from a CGI book I have that I think answers your question

CGI Programming (Sams)

"One advatage to placing all your CGI programs inside the cgi-bin directory is that you can set the directory so that the files inside it can be exectuted by the Web server, but not read by Web browsers. Consequently, users can't see the actual contents of CGI programs. Another advantage is that because the direcotry is located outside the document root, users don;t hav a way to access the directory itself using a Web browser. Finally, the web server assumes that all the files within the cgi-bin directory are CGI programs, so you dont have to use any particular extension on the filename to identify them. "

Hope this helps!

sfullman

Fundamentally the best answers are short answers... Thank you.

Sam Fullman
Compass Point Media

Anon

<<My question regards why it is often common to have a cgi-bin outside of the root directory of a website, and create an alias to that folder in the root>>

I'm a little concerned as to why you would need to create an alias to cgi-bin in the root dir? The cgi-bin location is known to the server daemon, so doesn't need an alias....don't breach the security!