You are awesome. Thank you very much. 

-----Original Message-----
From: Richard de Vries [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, July 26, 2006 6:04 PM
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] Perl data-file

Sounds like something for suexec

http://httpd.apache.org/docs/2.2/suexec.html

--- Declerck Michael-W30479 <[EMAIL PROTECTED]>
wrote:

> Hello,
> I have a problem with an Apache version 2.2 server running a Perl 
> script on an Ubuntu 6.06 machine that creates and appends a data-file.
> Currently, the data-file exists one folder deep in the document root.
> Apache clients run as the user daemon in group daemon.
> When the data-file is created, the file ownership and group is set to 
> daemon.
> The problem with this is that every Apache client runs as daemon, and 
> could simply guess the folder and data-file name, thus displaying 
> sensitive information (like contact information of other client's 
> input) that they shouldn't be able to see.
>  
> I tried modifying the Perl script to put the file in another folder 
> outside of the Apache root directory, fortunately Apache denies 
> permission to all folders outside the document root (with the right 
> configuration).
>  
> The client should be able to view the index page, input data, and run 
> the Perl script only.
> The data-file should only be modifiable by the Perl script, and unable
> to be read, modified, or executed by daemon.
>  
> If you have any advice or tips on this matter, I would truly 
> appreciate your help.
>  
> Michael DeClerck
> 



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
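
The suexec approach suggested in this thread, sketched as an added example that is not part of the original messages: a CGI script that runs as its own account and appends to an owner-only file outside the document root. The account name formdata, the data-file path, and the form fields name and email are hypothetical.

```perl
#!/usr/bin/perl
# Added example, not code from the thread. Assumed (hypothetical) setup:
#   - the virtual host contains:  SuexecUserGroup formdata formdata
#   - this script is owned by formdata and is not group- or world-writable
#   - /var/lib/formdata is outside the document root, owned by formdata, mode 0700
use strict;
use warnings;
use Fcntl qw(:DEFAULT :flock);
use CGI;

my $DATA_FILE = '/var/lib/formdata/contacts.dat';   # hypothetical path

# Under suexec the effective UID is the script owner, not the server account.
# Stop if suexec is not in effect, so the file is never created as daemon.
my $run_as = getpwuid($>);
die "refusing to run: suexec is not in effect\n"
    if !defined $run_as || $run_as eq 'daemon';

# Anything this process creates is readable and writable by its owner only.
umask 0077;

my $q     = CGI->new;
my $name  = $q->param('name');    # hypothetical form field
my $email = $q->param('email');   # hypothetical form field
for ($name, $email) {
    $_ = '' unless defined $_;
    s/[\x00-\x1f\x7f|]//g;        # drop control characters and the '|' delimiter
    $_ = substr($_, 0, 200);      # bound the size of each stored field
}

# Mode 0600: the web server account (daemon) cannot read or modify the file.
sysopen(my $fh, $DATA_FILE, O_WRONLY | O_APPEND | O_CREAT, 0600)
    or die "cannot open data file: $!\n";
flock($fh, LOCK_EX) or die "cannot lock data file: $!\n";   # serialize concurrent requests
print {$fh} join('|', time, $name, $email), "\n";
close($fh) or die "cannot close data file: $!\n";

print $q->header('text/plain'), "Thank you.\n";
```

Because the file lives outside the document root it has no URL to guess, and because it is owned by the suexec account with mode 0600, other content running as daemon cannot open it from the filesystem either.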

