[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: cgi security - how to protect the data?



On Sat, 19 Apr 1997, Stas Bekman wrote:

> permissions 0750 generally work for most of the httpd configurations!
> And it's not readable for other than you and a group (considering you are 
> the only one in the group)

750 doesn't work in my case.  I did figure out thusfar that I can give
only web-cs (the cgi sever's username) access to my data+cgi files, but my
problem now is that anyone could write a cgi to copy my data+cgi to
another dir and simply change permissions on it.  Very unlikely especially
when there are very few other users on the cgi-server here, but the risk
is still there.  A really great way to reduce that risk would be to
compile the perl code and use the binary instead of readable code...  but
i dont think this is possible.

Ron


Follow-Ups: References: