Hello,

I have a problem with an Apache version 2.2 server running a Perl script on an Ubuntu 6.06 machine that creates and appends to a data-file. Currently, the data-file exists one folder deep in the document root. Apache clients run as the user daemon in group daemon. When the data-file is created, the file ownership and group are set to daemon. The problem with this is that every Apache client runs as daemon, and could simply guess the folder and data-file name, thus displaying sensitive information (like contact information of other clients' input) that they shouldn't be able to see.

I tried modifying the Perl script to put the file in another folder outside of the Apache root directory; fortunately Apache denies permission to all folders outside the document root (with the right configuration).

The client should be able to view the index page, input data, and run the Perl script only. The data-file should only be modifiable by the Perl script, and unable to be read, modified, or executed by daemon.

If you have any advice or tips on this matter, I would truly appreciate your help.