cgi form security

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!


 Originally posted this query in ciwah.cgi but no response, so sorry
if it is a little off-topic here:
I have setup a simple online 'contact' form on my site and I am not
sure if I have done this as securely as possible.

1. I am using nms Formmail: the recipient email address is in the
script and not in the html form
2. I have dropped an .htaccess file in the cgi-bin directory that
says: Options -Indexes to stop directory browsing.
3. I have renamed the script from to and given
the directory an anonymous name.

My only concern is that the script file can still be identified and
potentially read and therefore the email address for recipient

Is there more I should be doing to secure the script and the cgi

           Thanks for any answers to my (ignorant) question,


PS Apache server

Andrew /

Site Timeline