[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: cgi security - how to protect the data?
On Sat, 19 Apr 1997, Stas Bekman wrote:
> permissions 0750 generally work for most of the httpd configurations!
> And it's not readable for other than you and a group (considering you are
> the only one in the group)
750 doesn't work in my case. I did figure out thusfar that I can give
only web-cs (the cgi sever's username) access to my data+cgi files, but my
problem now is that anyone could write a cgi to copy my data+cgi to
another dir and simply change permissions on it. Very unlikely especially
when there are very few other users on the cgi-server here, but the risk
is still there. A really great way to reduce that risk would be to
compile the perl code and use the binary instead of readable code... but
i dont think this is possible.
Ron
Follow-Ups:
References: