Alias vs. ScriptAlias

Is there a difference ( especially in terms of security ) between these

two chunks of configuration file code:

Alias /manager/ "/var/www/secure-bin/"
AddHandler cgi-script .pl
<Directory "/var/www/secure-bin">
SSLOptions +StdEnvVars
AllowOverride All
Options Indexes FollowSymLinks ExecCGI
Order allow,deny
Allow from all
</Directory>


.... and ...


ScriptAlias /manager/ "/var/www/secure-bin/"
<Directory "/var/www/secure-bin">
SSLOptions +StdEnvVars
AllowOverride All
Options Indexes FollowSymLinks
Order allow,deny
Allow from all
</Directory>


The difference is that the second one uses "ScripAlias" instead of the
"Alias" and does not have the "AddHandler" line?

(E-Mail Removed) wrote:
> Is there a difference ( especially in terms of security ) between these
>
> two chunks of configuration file code:
>
> Alias /manager/ "/var/www/secure-bin/"
> AddHandler cgi-script .pl
> <Directory "/var/www/secure-bin">
> SSLOptions +StdEnvVars
> AllowOverride All
> Options Indexes FollowSymLinks ExecCGI
> Order allow,deny
> Allow from all
> </Directory>
>
>
> ... and ...
>
>
> ScriptAlias /manager/ "/var/www/secure-bin/"
> <Directory "/var/www/secure-bin">
> SSLOptions +StdEnvVars
> AllowOverride All
> Options Indexes FollowSymLinks
> Order allow,deny
> Allow from all
> </Directory>
>
>
> The difference is that the second one uses "ScripAlias" instead of the
> "Alias" and does not have the "AddHandler" line?
>

Your alias setup allows you to place regular files and scripts into
the same directory. Any file with .pl extension will be executed instead
of delivered. Your scriptalias setup only allows scripts, regardless of
extension. No files can be delivered from that directory, only executed.