[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: cgi security - how to protect the data?



> > > We're running a cgi form and the contents are stored on the cgi-server
> > > shell account.  Is there a way to hide the contents of the cgi script
> > > itself so local shell users won't be able to simply look at the file,
> > > figure out where the data files are, and mess up the data?
> 
> > not a question for the tech list really...
> > a cgi is usually run as the UID of the server on the machine, which would
> > be "nobody", and not root, so noone need to be able to read the files or
> > execute the script other than nobody. just change the ownership and
> > modifiers to 700.
> 
> Actually, whenever my cgi is accessed over the web, it's run under
> "web-cs", which isn't me, and isn't in my group.  So when I set
> permissions to 700, it (web-cs) has no permission to get it.  What
> could I do to fix this, other than, perhaps get the sysadmin to add me to
> web-cs's group..

permissions 0750 generally work for most of the httpd configurations!
And it's not readable for other than you and a group (considering you are 
the only one in the group)

-------------------------------------------------------------------------------
Stas Bekman 	sbekman@iil.intel.com.il  [ WebMaster at Intel Corp. ]
Address:	Aba Silver 12/29, Haifa, 32694, Israel
Phones:		[w]  972-(0)4-865-5188, [h]  972-(0)4-828-2264/3020 
Home Page:	http://techunix.technion.ac.il/~ofelix
Resource Center http://www.mardanit.co.il/Center (CGI, PC, Security, Linux)
Linux-il Home:	http://www.linux.org.il/ 	


Follow-Ups: References: