Author Tom Chapman on 03-16-2001 at 08:24 (EST)
I need some advice - I have finished setting up the ushop.pl script and it works fine - but only when the data dir. has a CHMOD of 777. If I reduce this at all I get an error at the final order step.
It mentions in the security section that I may have to do this to get it to work properly but my ISP can block access - what exactly do they have to do to restrict access to the data dir.?
I am asking you as you seem very helpful here and my ISP can be a bit of a pain. If I can tell them exactly what needs doing they shouldn't be able to moan at me or worse still charge me!
Thanks in advance
1. RE: Security Question
Author Bill Weiner on 03-16-2001 at 08:52 (EST)
Most servers are set up to prevent listing any files/subdirectories of the cgi-bin... similar to how our server prevents you from listing this data directory:
(You should get some sort of "Forbidden" Error).
Unfortunately, I don't know enough about configuring a server to be able to say what would need to be done on your server to configure it this way.
As described in section 4 on this reference page:
The idea is to prevent website visitors from accessing/listing your "data" directory (or whatever name you give it).
If giving that directory 777 permissions does allow regular website visitors to access your data directory, then:
1) You would need to get your web hosting provider to configure your data directory to prevent visitors from accessing that directory (as discussed above).
2) Your web hosting provider may provide something called "CGI WRAP" ... which essentially allows a CGI script to run as a user... as opposed to running as "www" or "nobody". By running scripts as a user... you can actually set permissions on your data directory to something like 700. If your provider does provide CGI WRAP... and you need any assistance configuring the scripts to run with CGI WRAP... then just send us a support request (or email us at firstname.lastname@example.org) and I will assist.
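The permission logic behind option 2, as an added example that is not part of the original thread or the script's own code: Unix applies exactly one permission class (owner, group or other) to the identity a script runs as, which is why a script running as "nobody" needs 777 while the same script under CGI WRAP works with 700. The uid chosen for the web user, the scratch directory and the assumption that the script needs read, write and search on the directory are all constructed for illustration.

```python
import os
import stat
import tempfile


def deciding_class(st, script_uid, script_gids):
    """Return the one permission class Unix applies to the script's identity."""
    if script_uid == st.st_uid:
        return "owner", stat.S_IRWXU      # CGI WRAP case: script runs as the account
    if st.st_gid in script_gids:
        return "group", stat.S_IRWXG
    return "other", stat.S_IRWXO          # script runs as "www" or "nobody"


def audit(path, script_uid, script_gids=()):
    """Report whether the script could use the directory and who else could.

    Models ordinary users only; root bypasses these permission checks.
    """
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    cls, mask = deciding_class(st, script_uid, script_gids)
    return {
        "mode": oct(mode),
        "class": cls,
        # Assumption: the script needs write and search to create order
        # files and read to list them, so all three bits must be set.
        "script_can_write": (mode & mask) == mask,
        # True means every local account on a shared host can write here.
        "world_writable": bool(mode & stat.S_IWOTH),
    }


if __name__ == "__main__":
    # Constructed sample: a scratch directory standing in for "data".
    with tempfile.TemporaryDirectory() as data_dir:
        owner = os.stat(data_dir).st_uid
        web_user = owner + 1              # hypothetical uid for "nobody"
        for mode in (0o777, 0o755, 0o700):
            os.chmod(data_dir, mode)
            for label, uid in (("as nobody", web_user), ("under CGI WRAP", owner)):
                print(label, audit(data_dir, uid))
```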