
Re: cgi security - how to protect the data?




On Sat, 19 Apr 1997, Ron Elkayam wrote:

> 750 doesn't work in my case. I did figure out thus far that I can give
> only web-cs (the cgi server's username) access to my data+cgi files, but my
> problem now is that anyone could write a cgi to copy my data+cgi to
> another dir and simply change permissions on it.

what i don't quite get is why you send this over these lists? it's not the
proper place. check the comp.infosystems.www.authoring.cgi news group for
info.

in general, the setup of the system you got there, as i understand from
your description, is inherently not safe, and anything you'll do will be a
non-complete workaround. you'd have to refer to your webmaster regarding
the usage of some wrapper such as suexec (that comes with apache),
cgiwrap, or a similar solution. but again, not on this list, it's neither
linux-relevant nor israel-relevant.

guy

