Securing a CGI script

qadwjoh has asked for the wisdom of the Perl Monks concerning the following question:

Hi,

I have a Perl CGI script running on Windows through IIS. This script needs to be run under a special user ID in order to access files, other Perl scripts, programs and network shares.

This is currently achieved by setting this ID as the anonymous access ID within IIS. On accessing the site the user initially runs an authentication script which is launched using integrated Windows authentication. If this is successful, the user is passed to a main website, the scripts of which run under the anonymous access ID. I've also ensured that no-one can skip the authentication script by having it create a session file on the server (using CGI::Session) and making all subsequent scripts launched check for the validity of this session.

Someone has recently recommended that I change the set up so that, instead of all scripts launching automatically under the special ID, I use integrated Windows authentication on these scripts as well, but add code so that they assume the special ID when launched (for example using the RunAs command or the LogonAsUser() function in Win32::AdminMisc). My question is, is this more secure or does it have any benefits over the exisiting security set-up?

Any comments would be appreciated.

thanks,
A

Comment on Securing a CGI script

Replies are listed 'Best First'.
Re: Securing a CGI script by perlfan (Parson) on Sep 28, 2004 at 19:26 UTC
Running IIS while using functions called "RunAs" and "LogonAsUSer" makes my stomache turn - that is my comment...sorry if it is not helpful - or maybe it is :)	[reply]
Re: Securing a CGI script by inman (Curate) on Sep 29, 2004 at 15:32 UTC
Windows Integrated Authentication causes any script to be executed with the permissions set for the user that authenticated. Basically, the scripts will run as if the user was logged into the server console. Access to files, scripts and network shares are restricted by ACLs on the file system, registry and network shares. You will need to work with the permissions set for non-administrative users in order to get your script working. The chances are that your application will work just fine when you use it but will break when normal users have a go. This is probably because you are an administrator on the server and have different permissions to normal users. You will need to debug your application as a regular user. You need to look out for permissions related issues. General points: Files are secured by the ACL on the directory or file itself. This applies to all files including configuration files etc. I have found that a tool like NTFILEMON is useful for working out which files are really used. Registry entries are also secured by ACL. You will need to use Regedit32 to view the permissions. Use NTREGMON to look at registry usage. Network Shares are protected by ACL. This typically limits the people who can read files to a small number of administrators. Super Search for IIS and share. The utilities mentioned above are available from SysInternals (http://www.sysinternals.com/ntw2k/utilities.shtml)	[reply]
Re^2: Securing a CGI script by qadwjoh (Scribe) on Sep 30, 2004 at 10:18 UTC
Hi, thanks for the advice, but my problem isn't getting my website to work - I'm just interested to know the benefits of using RunAs instead of settings in IIS, if any. thanks, A	[reply]