
Re: cgi security - how to protect the data?





On Fri, 18 Apr 1997, Ronell (Ron) Elkayam wrote:

> We're running a cgi form and the contents are stored on the cgi-server
> shell account.  Is there a way to hide the contents of the cgi script
> itself so local shell users won't be able to simply look at the file,
> figure out where the data files are, and mess up the data?
> 
> I *must* give everyone both read and execute permissions on the cgi
> script, and write permission on the actual data files.  I could hide the
> data files in an unreadable directory, but again, anyone with a
> cgi-account here could still read the cgi script and find out where the
> data is...
> 
> Can anything be done about this?

If the script has the same permissions as the users then there's nothing
you can really do. You could always use a compiled script (so only very
determined hackers would be able to figure out what it does) and SUID it 
to a different user and group so the database will be accessible to users
only through the script/program. Assuming the script is well debugged and
*not* SUID to root, you should have relatively good security without
compromising the whole system.
A better solution would be to write a server to deal with the database and
hook it to an AF_UNIX socket or SysV IPC queue or even a named pipe. This
way the script would only be a client with no direct access to the
database and you wouldn't need to have a SUID/SGID program on your system.
With rigid enough packets between the client and the server, you should
be able to ensure only legal changes to the database are made.
This solution has the added bonus of enabling a higher access bandwidth to
the database. When using cgi-scripts each instance of the script needs to
lock, open, close and unlock the database. With a server running, the
database needs never be closed while connections are expected.

					Eli
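
The server-side check suggested in the reply above, sketched as an added example that is not part of the original message or anyone's actual code. The packet layout, opcodes, record limit and function names are all assumptions made for illustration, and a `socketpair` stands in for the AF_UNIX socket a real server would bind in a directory only its own user can write to.

```python
import socket
import struct

# Constructed wire format (an assumption, not from the original message):
# 1-byte opcode, 2-byte record id, 64-byte NUL-padded printable-ASCII value.
PACKET = struct.Struct("!BH64s")
OP_ADD, OP_UPDATE = 1, 2
MAX_RECORDS = 1000

def parse_request(raw):
    """Return (op, rec_id, value) or raise ValueError for any illegal packet."""
    if len(raw) != PACKET.size:
        raise ValueError("wrong packet length")
    op, rec_id, field = PACKET.unpack(raw)
    if op not in (OP_ADD, OP_UPDATE) or rec_id >= MAX_RECORDS:
        raise ValueError("bad opcode or record id")
    value, _, padding = field.partition(b"\0")
    if padding.strip(b"\0"):
        raise ValueError("data hidden after the terminator")
    if not value or any(b < 0x20 or b > 0x7E for b in value):
        raise ValueError("value must be non-empty printable ASCII")
    return op, rec_id, value.decode("ascii")

def handle(db, raw):
    """Apply one request to db, which only the server process holds."""
    try:
        op, rec_id, value = parse_request(raw)
    except ValueError:
        return b"E"
    if (op == OP_ADD) == (rec_id in db):
        return b"E"  # ADD may not overwrite, UPDATE may not create
    db[rec_id] = value
    return b"K"

def demo():
    """CGI-side client and database server talking over an AF_UNIX pair."""
    server, client = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    db, replies = {}, []
    requests = [PACKET.pack(OP_ADD, 7, b"alice@example.org"),   # legal
                PACKET.pack(OP_ADD, 7, b"overwrite attempt"),   # rejected
                PACKET.pack(9, 7, b"unknown opcode"),           # rejected
                PACKET.pack(OP_UPDATE, 7, b"bob@example.org")]  # legal
    with server, client:
        for req in requests:
            client.sendall(req)
            raw = server.recv(PACKET.size, socket.MSG_WAITALL)
            server.sendall(handle(db, raw))
            replies.append(client.recv(1))
    return replies, db
```

The CGI script needs only connect permission on the socket; the data files can then be owned by the server's account with no access for other local users.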