----- Original Message -----
From: "Bill Stennett" <[EMAIL PROTECTED]>
To: "Activeperl" <[EMAIL PROTECTED]>
Sent: Tuesday, May 15, 2001 11:25 AM
Subject: PERL CGI accessing the NT registry
> Hi All
>
> I just wanted to check something before embarking on a project. Does
anyone
> know if there is likely to be a problem with a WINDOWS NT PERL script that
> tries to access the Windows NT registry. I'm thinking about the fact that
> the script will run as the anonymous user when called as a CGI and maybe
> won't have permissions etc.
>
It depends on what you want to do. Most of the registry is readable by
'Everyone', but if you want to change registry values, then the appropriate
permissions would apply. You can change the permissions on the section of
the registry you want to play with, but then you have a serious security
hole. You could also have the script "logon" with the appropriate
permissions to access the section of the registry you want. Again, this has
serious security implications. If you ARE going to implement either of the
above, you should be very cautious about how you implement it, and severely
limit the changes that users can make.
IMHO, modification of registry entries from the web should be avoided at all
costs. You never know who is going to hack into your script and butcher your
system.
ego
Edward G. Orton, GWN Consultants Inc.
Office: 613-860-3186, Home: 613-764-3186, Fax: 613-764-1721
email: [EMAIL PROTECTED]
_______________________________________________
ActivePerl mailing list
[EMAIL PROTECTED]
http://listserv.ActiveState.com/mailman/listinfo/activeperl
