Re: Allowing Apache to Write to filesystem

If you modify your script to write to a database instead of flatfiles and then create your PDF from a separate process, you can avoid some of the potential security holes.

Comment on Re: Allowing Apache to Write to filesystem

Replies are listed 'Best First'.
Re^2: Allowing Apache to Write to filesystem by hesco (Deacon) on Feb 24, 2006 at 08:15 UTC
I had thought of feeding this data into a db backend, but after consulting with our host decided it made more sense to cache this static content, ready to be served by apache without further processing overhead. I'm assuming that handling the pdf creation in distinct processes would mean using either eval or exec? I'm not quite sure how that will help. One friend I consulted today on this suggested using an suid wrapper or a sudoers entry to permit apache to handle writing to a directory it would otherwise be unable to write from. My friend also suggested adding host based authentication to my existing userID -> password challenge response as an added precaution. I'm still rereading the sudoers man page after a two year hiatus from using it. -- Hugh	[reply]

Replies are listed 'Best First'.

Re^2: Allowing Apache to Write to filesystem
by hesco (Deacon) on Feb 24, 2006 at 08:15 UTC

One friend I consulted today on this suggested using an suid wrapper or a sudoers entry to permit apache to handle writing to a directory it would otherwise be unable to write from. My friend also suggested adding host based authentication to my existing userID -> password challenge response as an added precaution. I'm still rereading the sudoers man page after a two year hiatus from using it.

-- Hugh

[reply]