Re: User directory security

From: Gandalf Parker (gandalf_at_most.of.my.favorite.sites)
Date: 06/12/04

    Date: Sat, 12 Jun 2004 18:03:33 GMT
    
    

    those who know me have no need of my name <not-a-real-address@usa.net>
    wrote in news:m13c516aas.gnus@usa.net:

    > in comp.unix.admin i read:
    >
    >>When I need to only allow my account to have access to a file, I set
    >>the permissions accordingly (no ACL's on our system) and have the web
    >>server access it using a CGI script called through CGIwrap:
    >>
    >>http://cgiwrap.sourceforge.net/
    >>
    >>This allows the web server to run my UID rather than nobody.
    >
    > cgiwrap is an excellent alternative to suexec. it can even run php
    > scripts without them being `normally executable' (with a shebang line
    > and with execute permission), i.e., it can remain the same sort of php
    > file that `everyone' expects (starts with <? and is mode 644 or so).
    >

    I tend to think as a sysadmin upward rather than web or program downward
    to the system. I find that I have more control and security if I have a
    program or cgi or web-page create a file with the information in it. Then
    have a CRON job look for the file in order to process it. A lot of the
    more confusing security checks are not needed with that method.

    Gandalf Parker
    -- Have you ever noticed that the Klingons are all speaking unix?
    "Grep ls awk chmod." "Mknod ksh tar imap."
    "Wall fsck yacc!" (that last is obviously a curse of some sort)

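The cron side of the drop-file approach described in the post above, as an added example that is not part of the original message: the web-facing program only writes a request file, and a job running under the privileged account checks each file before acting on it. The `key=value` request format, the function names, the size limit and the convention that names starting with a dot are still being written are all assumptions made for illustration.

```python
import os, re, stat

# Assumed request format: one "key=value" per line, conservative charset.
LINE_RE = re.compile(r"[a-z_]{1,32}=[A-Za-z0-9_.@-]{1,128}")
MAX_BYTES = 4096

def read_request(path, expected_uid):
    """Return the parsed request, or raise ValueError if the file is not trustworthy."""
    try:
        # O_NOFOLLOW refuses symlinks; O_NONBLOCK avoids hanging on a FIFO.
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    except OSError as exc:
        raise ValueError(f"cannot open safely: {exc.strerror}")
    try:
        st = os.fstat(fd)  # inspect the object we opened, not the name
        if not stat.S_ISREG(st.st_mode):
            raise ValueError("not a regular file")
        if st.st_nlink != 1:
            raise ValueError("hard-linked file")
        if st.st_uid != expected_uid:
            raise ValueError("unexpected owner")
        data = os.read(fd, MAX_BYTES + 1)
    finally:
        os.close(fd)
    if len(data) > MAX_BYTES:
        raise ValueError("too large")
    try:
        lines = data.decode("ascii").splitlines()
    except UnicodeDecodeError:
        raise ValueError("non-ASCII content")
    if not lines or not all(LINE_RE.fullmatch(l) for l in lines):
        raise ValueError("malformed request")
    return dict(l.split("=", 1) for l in lines)

def process_spool(spool_dir, expected_uid, handler):
    """One cron run: handle valid requests, leave rejects in place for review."""
    done, rejected = [], {}
    for name in sorted(os.listdir(spool_dir)):
        if name.startswith("."):
            continue  # assumed convention: writer renames the file when complete
        path = os.path.join(spool_dir, name)
        try:
            handler(read_request(path, expected_uid))
        except ValueError as reason:
            rejected[name] = str(reason)
            continue
        os.unlink(path)  # handled once; remove so it is not replayed
        done.append(name)
    return done, rejected
```

The handler receives only a dictionary of validated strings, so the privileged job never executes or interpolates anything the web-facing program wrote.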
