R
Roy Ellis
Guest
Hello, some points about this: 1) Using the original script name is more than just not following best practice it is a HUGE security hole. Someone can search for wspd_cgi.sh and find sites that are not correctly configured and do serious damage. When I taught WebSpeed security I used to show this hole regularly. 2) The install asks you where it should copy the messenger script and you must give your web server cgi directory to the install program. The install program does not know the location of your web server install. If you don't want to over-write your production location you can simply copy the messenger to another directory (like $WRKDIR). 3) Testing before running an install on an production machine is a very important step. 4) Even thought I disagree that this is a bug, I am not the final say on this subject. If you believe this is a bug, the correct way to ensure a bug is entered is to open a Tech Support request so they can add the bug. The bug will be evaluated by the install team and priority set. Regards, Roy
Continue reading...
Continue reading...