uShop English (U.S.) for 179!

uStorekeeper English (U.S.) for 149!

 Products
       uTest
       uReserve
       uShop
       uStorekeeper
       uGolf
       uDirectory
       uSignIn
 Tech Support
       Support Policy
       Knowledge Base
            uTest
            uReserve
            uShop
            uStorekeeper
            uGolf
            uDirectory
            uSignIn
       Documentation
       Reference Sites
 Legal
       Software Piracy
       Legal Notices
       Privacy Policy
       Licensing
 Miscellaneous
       Reseller Info
       Contact Us
       Site Map
Security Question

Knowledge Base Lobby : uShop Support Conference : CGI Script Related Problems
Oct-22-17 10:37 PM EST
Original Message
Security Question
Author Tom Chapman on 03-16-2001 at 08:24 (EST)
Hello,

I need some advice - I have finished setting up the ushop.pl script and it works fine - but only when the data dir. has a CHMOND of 777. If I reduce this at all I get an error at the final order step.
It mentions in the security section that I may have to do this to get it to work properly but my ISP can block access - what exactly do they have to do to restrict access to the data dir.?

I am asking you as you seem very helpful here and my ISP can be a bit of an pain. If I can tell them exactly what needs doing they shouldn't be able to moan at me or worse still charge me!

Thanks in advance
Tom

http://www.percychapman.co.uk
E-MAIL AUTHOR | TABLE OF CONTENTS

Table Of Contents
  RE: Security Question Bill Weiner, 2001-03-16 08:52:18 (1)

Messages In This Discussion
         1. RE: Security Question
        Author Bill Weiner on 03-16-2001 at 08:52 (EST)
Most servers are setup to prevent listing any files/subdirectories of the cgi-bin.... similar to how our server prevents you from listing this data directory:

http://www.uburst.com/cgi-bin/ushop/data/

(You should get some sort of "Forbidden" Error).

Unfortunately, I don't know enough about configuring server to be able to say what would need to be done on your server to configure it this way.

As described in section 4 on this reference page:

http://www.uburst.com/uShop/security.html

The idea is to prevent website visitors from accessing/listing your "data" directory (or whatever name you give it).

If giving that directory 777 permissions does allow regular website visitors to access your data directory, then:

1) You would need to get your web hosting provider to configure your data directory to prevent visitors from accessing that directory (as discussed above).

Or

2) Your web hosting provider may provide something called "CGI WRAP" ... which essentially allows CGI script to run as a user... as opposed to running as "www" or "nobody". By running scripts as a user... you can actually set permissions on your data directory to something like 700. If your provider does provide CGI WRAP... and you need any assistance configuring the scripts to run with CGI WRAP... then just send us a support request (or email us at support@uburst.com) and I will assist.
TABLE OF CONTENTS

© 2003 Microburst Technologies, Inc.