Re: User directory security

From: Gandalf Parker (gandalf_at_most.of.my.favorite.sites)
Date: 06/12/04

  • Next message: Security Alert: "SSRT3487 rev.3 remote denial of service in tftpd"
    Date: Sat, 12 Jun 2004 18:03:33 GMT
    
    

    those who know me have no need of my name <not-a-real-address@usa.net>
    wrote in news:m13c516aas.gnus@usa.net:

    > in comp.unix.admin i read:
    >
    >>When I need to only allow my account to have access to a file, I set
    >>the permissions accordingly (no ACLs on our system) and have the web
    >>server access it using a CGI script called through CGIwrap:
    >>
    >>http://cgiwrap.sourceforge.net/
    >>
    >>This allows the web server to run my UID rather than nobody.
    >
    > cgiwrap is an excellent alternative to suexec. it can even run php
    > scripts without them being `normally executable' (with a shebang line
    > and with execute permission), i.e., it can remain the same sort of php
    > file that `everyone' expects (starts with <? and is mode 644 or so).
    >

    I tend to think as a sysadmin upward rather than web or program downward
    to the system. I find that I have more control and security if I have a
    program or cgi or web-page create a file with the information in it. Then
    have a CRON job look for the file in order to process it. A lot of the
    more confusing security checks are not needed with that method.

    Gandalf Parker
    -- Have you ever noticed that the Klingons are all speaking unix?
    "Grep ls awk chmod." "Mknod ksh tar imap."
    "Wall fsck yacc!" (that last is obviously a curse of some sort)
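
The drop-file-plus-cron pattern described in this post, sketched as an added example that is not part of the original message or thread. The `.req` suffix, the key=value request format, the `done`/`rejected` subdirectories and the function names are all assumptions made for illustration. The script would run from the account owner's crontab, so the web server only ever needs write access to the spool directory.

```python
import os, re, stat

MAX_BYTES = 4096  # assumed cap on a request file
# Assumed request format: one key=value pair per line, conservative charset.
LINE_RE = re.compile(r"[a-z_]{1,32}=[A-Za-z0-9@._-]{1,128}")

def read_request(path):
    """Return the parsed request as a dict, or None if the file is rejected."""
    try:
        # O_NOFOLLOW refuses symlinks; O_NONBLOCK avoids hanging on a FIFO.
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    except OSError:
        return None
    try:
        st = os.fstat(fd)  # check the object actually opened, not the name
        if not stat.S_ISREG(st.st_mode) or st.st_nlink != 1 or st.st_size > MAX_BYTES:
            return None
        data = os.read(fd, MAX_BYTES + 1)
    finally:
        os.close(fd)
    if len(data) > MAX_BYTES:
        return None
    try:
        lines = data.decode("ascii").splitlines()
    except UnicodeDecodeError:
        return None
    if not lines or not all(LINE_RE.fullmatch(line) for line in lines):
        return None
    return dict(line.split("=", 1) for line in lines)

def process_spool(spool, handler):
    """One cron run: hand valid requests to handler, quarantine the rest."""
    outcome = {"done": [], "rejected": []}
    for sub in outcome:
        os.makedirs(os.path.join(spool, sub), exist_ok=True)
    for name in sorted(os.listdir(spool)):
        if not name.endswith(".req"):
            continue
        src = os.path.join(spool, name)
        req = read_request(src)
        verdict = "done" if req is not None else "rejected"
        if req is not None:
            handler(req)
        # Move the file out of the drop directory so it is handled only once.
        os.rename(src, os.path.join(spool, verdict, name))
        outcome[verdict].append(name)
    return outcome
```

Because the cron side treats every dropped file as untrusted input, the web-facing script needs no elevated rights, and anything that fails validation is kept in `rejected` for review.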

