Purpose of Movable Type mt-*.cgi scripts?

Question

I'm building an extra layer on top of Movable Type for integration with another system. Part of this involves pre-processing and filtering requests before they get to the MT scripts (comment control, translating external users into MT users etc).

For example, new comments to posts are submitted to a script in the new layer before requests are passed on to mt-comments.cgi. In this instance, I'm denying access to mt-comments.cgi from all but a specific IP as I don't want people being able to post new comments 'directly'.

I'd like to know the general purpose of all mt-*.cgi scripts such that I can deny access to those not relevant and control access to all others.

The mt-*.cgi scripts I have, along with their (estimated) purpose, are:

*Script*             *Private access?*   *Purpose*
mt-add-notify.cgi     ?                   ?
mt-atom.cgi           ?                   ?
mt.cgi                Yes                 Main MT engine
mt-check.cgi          ?                   ?
mt-comments.cgi       Yes                 Handles inbound new comments
mt-config.cgi         Yes                 Stores main MT configuration
mt-feed.cgi           ?                   ?
mt-ftsearch.cgi       ?                   ?
mt-search.cgi         Yes                 Handles search requests, returns results
mt-tb.cgi             ?                   ?
mt-testbg.cgi         ?                   ?
mt-upgrade.cgi        Yes                 Upgrade tool
mt-wizard.cgi         Yes                 Setup/config wizard
mt-xmlrpc.cgi         ?                   ?

I'd appreciate answers to fill in the blanks.

By 'private access', I mean: can access be limited (e.g. via .htaccess) to a known set of IPs only? The inverse of this being: must access be available to all IPs?

Answers clearly elaborating on the purpose and use of a script, such that it may be of use to others, are always welcome.

Thanks very much to anyone who can help!

Answer 1

I've filled in the purpose on each of these. I'm pretty sure everything can be private as long as you proxy requests properly, but not positive. Some of these scripts can (and should) be blocked out completely.

*Script*             *Private access?*   *Purpose*
mt-add-notify.cgi     ?                   Provide Movable Type email notification support
mt-atom.cgi           ?                   An Atom Publishing API interface for communicating with Movable Type.
mt.cgi                Yes                 Main MT engine
mt-check.cgi          ?                   Determines whether you have all of the components you need to run Movable Type
mt-comments.cgi       Yes                 Handles inbound new comments
mt-config.cgi         Yes                 Stores main MT configuration
mt-feed.cgi           ?                   Movable Type application for producing activity feeds. 
mt-ftsearch.cgi       ?                   Freetext search
mt-search.cgi         Yes                 Handles search requests, returns results
mt-tb.cgi             ?                   Handles blog trackbacks
mt-testbg.cgi         ?                   Tests for background tasks
mt-upgrade.cgi        Yes                 Upgrade tool
mt-wizard.cgi         Yes                 Setup/config wizard
mt-xmlrpc.cgi         ?                   XML RPC interface (external blog tool posting)

I knew a few of these, but the easiest way to find out what each does is crack open the file and see which Perl module it calls (such at MT::Trackback), then run perldoc lib/MT/Trackback.pm for each. It will give you all sorts of information about what each script can do.