[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: cgi security - how to protect the data?
> > > We're running a cgi form and the contents are stored on the cgi-server
> > > shell account. Is there a way to hide the contents of the cgi script
> > > itself so local shell users won't be able to simply look at the file,
> > > figure out where the data files are, and mess up the data?
>
> > not a question for the tech list really...
> > a cgi is usually run as the UID of the server on the machine, which would
> > be "nobody", and not root, so noone need to be able to read the files or
> > execute the script other than nobody. just change the ownership and
> > modifiers to 700.
>
> Actually, whenever my cgi is accessed over the web, it's run under
> "web-cs", which isn't me, and isn't in my group. So when I set
> permissions to 700, it (web-cs) has no permission to get it. What
> could I do to fix this, other than, perhaps get the sysadmin to add me to
> web-cs's group..
permissions 0750 generally work for most of the httpd configurations!
And it's not readable for other than you and a group (considering you are
the only one in the group)
-------------------------------------------------------------------------------
Stas Bekman sbekman@iil.intel.com.il [ WebMaster at Intel Corp. ]
Address: Aba Silver 12/29, Haifa, 32694, Israel
Phones: [w] 972-(0)4-865-5188, [h] 972-(0)4-828-2264/3020
Home Page: http://techunix.technion.ac.il/~ofelix
Resource Center http://www.mardanit.co.il/Center (CGI, PC, Security, Linux)
Linux-il Home: http://www.linux.org.il/
Follow-Ups:
References: