Just an update of my current case with Perl data-files. I decided that suEXEC is a bit too advanced for me. Instead, I created a folder with sufficient permissions outside the document root to write/create/store the data-files. I wonder how much a security risk this is compared to suEXEC. The only reason I decided not to use it is because the documentation warned of serious security issues if it was used improperly. Again, I am not the expert in the stuff, but thank you for your suggestion anyway. -----Original Message----- From: Declerck Michael-W30479 Sent: Wednesday, July 26, 2006 6:12 PM To: users@xxxxxxxxxxxxxxxx Subject: RE: [users@httpd] Perl data-file You are awesome. Thank you very much. -----Original Message----- From: Richard de Vries [mailto:richard_devries@xxxxxxxxx] Sent: Wednesday, July 26, 2006 6:04 PM To: users@xxxxxxxxxxxxxxxx Subject: Re: [users@httpd] Perl data-file Sounds like something fo suexec http://httpd.apache.org/docs/2.2/suexec.html --- Declerck Michael-W30479 <W30479@xxxxxxxxxxxx> wrote: > Hello, > I have a problem with an Apache version 2.2 server running a Perl > script on an Ubuntu 6.06 machine that creates and appends a data-file. > Currently, the data-file exists one folder deep in the document root. > Apache clients run as the user daemon in group daemon. > When the data-file is created, the file ownership and group is set to > daemon. > The problem with this is that every Apache client runs as daemon, and > could simply guess the folder and data-file name, thus displaying > sensitive information (like contact information of other client's > input) that they shouldn't be able to see. > > I tried modifying the Perl script to put the file in another folder > outside of the Apache root directory, fortunately Apache denies > permission to all folders outside the document root(with the right > configuration). > > The client should be able to view the index page, input data, and run > the Perl script only. > The data-file should only be modifiable by the Perl script, and unable > to be read, modified, or executed by daemon. > > If you have any advice or tips on this matter, I would truly > appreciate your help. > > Michael DeClerck > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|