You are responsible for securing your web server.
Here are a few items to consider:
- Make sure that *.cgi files (including password and setup files) are not visible to the world. The server needs to be configured so that it will not permit a browser to display the contents of *.cgi files. One way to do this is to configure your server such that *.cgi files are treated as cgi-scripts (see Add Script Map section above). Make sure that you cannot use a browser to open the file containing your Admin Module passwords (STUDYNAME_config.cgi). For example, you should not be able to view the contents of the STUDYNAME_config.cgi file if you paste an address similar to the one below (using the URL specific to your study) into your browser's address bar:
- Seeing an error message on the screen is the correct result if attempting to access the *.cgi file via a web browser. You should not see the contents of that file. The server needs to be configured so that server directory listings are not visible to the world. Make sure that if you paste the URL to your "admin" folder into your browser's address bar, you are not able to see any file names. For example (using the URL specific to your study):