Re: Moving A Web Application From Hacky To ... Less Hacky

Congrats Cody on what you've already achieved.

Other monks can weigh in with their opinions here, but I don't like the idea of a world-writeable directory for anything... I'd prefer to have the file/directory permissions set to 0644 so it is writeable only by your userid, and run the script with the suid bit set so that it runs as your usergrp rather than the webserver's.. and then make damned sure to read up on tainting (because suid scripts automatically invoke taint checks)!!!

..Guv

Update see here for more CGI security info.

Update II I saw this article by Ovid referenced by another monk in some node (sorry, don't remember what node / who linked it). Cheers!

Comment on Re: Moving A Web Application From Hacky To ... Less Hacky

Replies are listed 'Best First'.
Re: Moving A Web Application From Hacky To ... Less Hacky by Cody Pendant (Prior) on Mar 01, 2002 at 03:39 UTC
I believe my hosting service recently changed their setup so that scripts are all run with the user's ID rather than the webserver/nobody ID, so that's good, right? I guess I can check by setting that folder to 644 and trying to create a post... Doesn't solve the problem for anyone else though. Thanks for the info. Anyone care to boil security and taint issues down to "if you're doing any of the following things, you need to worry..." kind of thing? -- `($_='jjjuuusssttt annootthhrer pppeeerrrlll haaaccckkeer')=~y/a-z//s;print;` [download]	[reply] [d/l]

Replies are listed 'Best First'.

Re: Moving A Web Application From Hacky To ... Less Hacky
by Cody Pendant (Prior) on Mar 01, 2002 at 03:39 UTC

all

Doesn't solve the problem for anyone else though. Thanks for the info.

Anyone care to boil security and taint issues down to "if you're doing any of the following things, you need to worry..." kind of thing?
--

($_='jjjuuusssttt annootthhrer
     pppeeerrrlll  haaaccckkeer')=~y/a-z//s;print;
[download]

[reply]
[d/l]