Beefy Boxes and Bandwidth Generously Provided by pair Networks
There's more than one way to do things
 
PerlMonks  

Re: Security, root and CGI?

by skx (Parson)
on Jan 29, 2009 at 22:35 UTC ( [id://740058]=note: print w/replies, xml ) Need Help??


in reply to Security, root and CGI?

One way of promising that input comes from a particular user, (not script), is to have the communication be asynchronous.

Have the CGI application run as user "foo" and create /var/spool/foo which is mode 700.

The CGI script can validate and create jobs in this directory that the root process can examine, validate some more, and then process.

Thats the cleanest separation I've ever used - in general I prefer to use sudo.

Steve
--

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://740058]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others surveying the Monastery: (6)
As of 2024-04-19 10:07 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found