How do I prevent anybody from looking at the contents of my text files ?

Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question: ⭐ (files)

Replies are listed 'Best First'.
Re: How do I prevent from anybody looking at the contents of my text files ?⭐ by davorg (Chancellor) on Jul 26, 2000 at 13:21 UTC
Don't put data in the cgi-bin directory. Use another directory not accessible from the web for that. Set the file permissions on your data directory so that only your web server user can read and write files there. Create all the data files from within the cgi scripts with permissions of 600. The Apache webserver has an option to deny access to files matching wildcards (by default, access to all files starting with `.ht` is denied). You can use this feature to block access to your files (this feature is configured in the file `httpd.conf`).	[reply]
Re: How do I prevent anybody from looking at the contents of my text files ? by slurp (Initiate) on Aug 01, 2000 at 04:55 UTC
If you let webserver-user "own" your files, than every other CGI script can read your files. To make something about that, you may make your scripts setuid. And then create all files in some directory other than cgi-bin which is only readable/writable/executable by your userid.	[reply]
Re: How do I prevent anybody from looking at the contents of my text files ? by Anonymous Monk on Feb 09, 2003 at 20:09 UTC
Add the ".cgi" extension to your text files. If a visitor attempts to view it from a web broswer, they should get a 500.	[reply]
Re: Answer: How do I prevent anybody from looking at the contents of my text files ? by mowgli (Friar) on Feb 10, 2003 at 10:19 UTC
Obviously, this also depends on the configuration of your web server. With apache, a line like AddHandler cgi-script .cgi in to your `httpd.conf` will do the Right Thing (after you restart apache). -- mowgli	[reply]


Pathologically Eclectic Rubbish Lister
	PerlMonks