Hi folks!
I have a FreeBSD server configured as a http server, running apache.
This installation includes mod_perl+EmbPerl, mod_php4 mod_cgi and
mod_fastcgi. Some of my users will be using mysql for database. The
problem is that this scenario requires sensitive information inside
file. This means no problem when these users write their dymanic pages
inside a compiled program. I can chmod a-rw and nobody will be able to
take away user/password from a compiled program. The problem happens
when write their php or embperl pages!
the key user\password are kept inside this file, so anyone can uses an
editor to retrieve the user mysql account. I resolve this problem
running php on secure mode and chgrping the php file the same user as
the http process and removing other flags file access (g-rwx). So nobody
besides the owner of the file (or the http process) will be able to read
it.
since php have some security facilities, like: if the file owner id !=
the file the script is trying to open => fails.
My problem is with perl: how to solve such a problem in a perl
environment?
Does mod perl allows any kind of security, to prevent ones writing
script to read others files?
PS: All cgi runs through suexec, so even cgi are not able to run the
script, ok?
