in reply to Re^4: Perl CGI - Viewing logfiles - Security Issues
in thread Perl CGI - Viewing logfiles - Security Issues
The point is that you don't need the softlink - indeed, as long as you keep it, your security will be compromised. Get rid of it.
My script, for example, runs with links like:
<a href="/cgi-bin/viewlogs.pl?log=1">Access log</a>
Your links might look like:
<a href="/cgi-bin/viewlogs.pl?username=foobar">Foobar's log</a>
Once more with feeling, your perl-script can access files that are not accessable to the web-server directly, and that is the way to keep content secure.
Tom Melly, firstname.lastname@example.org