www.uburst.com www.uburst.com

"Security Question"

Go back to the LobbyClick here to Go Back to Main ListingClick here to see helpClick here to Search the Forum

CGI Script Related Problems
Forum Type: Public
Moderator: edmunds
Time Zone: EST
Printer Friendly Format
Original Message
 
"Security Question"
Posted by Tom Chapman on Mar-16-01 at 08:24 AM (EST)
Hello,

I need some advice - I have finished setting up the ushop.pl script and it works fine - but only when the data dir. has a CHMOND of 777. If I reduce this at all I get an error at the final order step.
It mentions in the security section that I may have to do this to get it to work properly but my ISP can block access - what exactly do they have to do to restrict access to the data dir.?

I am asking you as you seem very helpful here and my ISP can be a bit of an pain. If I can tell them exactly what needs doing they shouldn't be able to moan at me or worse still charge me!

Thanks in advance
Tom

http://www.percychapman.co.uk

Click to Send Alert Message to the Administrator Click to edit this messageClick to EMail Click here to reply to this messageClick here to reply to this message with quotesClick to goto the Table of Contents

 Table of Contents

RE: Security Question, Bill Weiner, Mar-16-01, (1)

 

 
Click here to goto Click here to goto the Lobby
Messages in this discussion
 
1 . "RE: Security Question"
Posted by Bill Weiner on Mar-16-01 at 08:52 AM (EST)
Most servers are setup to prevent listing any files/subdirectories of the cgi-bin.... similar to how our server prevents you from listing this data directory:

http://www.uburst.com/cgi-bin/ushop/data/

(You should get some sort of "Forbidden" Error).

Unfortunately, I don't know enough about configuring server to be able to say what would need to be done on your server to configure it this way.

As described in section 4 on this reference page:

http://www.uburst.com/uShop/security.html

The idea is to prevent website visitors from accessing/listing your "data" directory (or whatever name you give it).

If giving that directory 777 permissions does allow regular website visitors to access your data directory, then:

1) You would need to get your web hosting provider to configure your data directory to prevent visitors from accessing that directory (as discussed above).

Or

2) Your web hosting provider may provide something called "CGI WRAP" ... which essentially allows CGI script to run as a user... as opposed to running as "www" or "nobody". By running scripts as a user... you can actually set permissions on your data directory to something like 700. If your provider does provide CGI WRAP... and you need any assistance configuring the scripts to run with CGI WRAP... then just send us a support request (or email us at support@uburst.com) and I will assist.

Remove this Message: Administrator and Moderator onlyClick to Send Alert Message to the Administrator Click to edit this messageClick here to reply to this messageClick here to reply to this message with quotesClick to goto the Table of Contents


Archive This Thread: Admin and Moderator OnlyRemove This Thread: Admin and Moderator Only
Click here to goto Click here to goto the Lobby

 

 

 

 

 

 

 

 

 

 

 

 
Questions or problems regarding this bulletin board should be directed to Webmaster
©1997-1999 by DCScripts. All rights reserved.