[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: cgi security - how to protect the data?



On Sat, 19 Apr 1997, Ira Abramov wrote:

> > We're running a cgi form and the contents are stored on the cgi-server
> > shell account.  Is there a way to hide the contents of the cgi script
> > itself so local shell users won't be able to simply look at the file,
> > figure out where the data files are, and mess up the data?

> not a question for the tech list really...
> a cgi is usually run as the UID of the server on the machine, which would
> be "nobody", and not root, so noone need to be able to read the files or
> execute the script other than nobody. just change the ownership and
> modifiers to 700.

Actually, whenever my cgi is accessed over the web, it's run under
"web-cs", which isn't me, and isn't in my group.  So when I set
permissions to 700, it (web-cs) has no permission to get it.  What
could I do to fix this, other than, perhaps get the sysadmin to add me to
web-cs's group..

Thanx,
Ron


Follow-Ups: References: