Security Question on a CGI script.[please answer]

I have created a perl script(mailing list) that keeps the emails into a text database file. If a cracker finds this file he will open it and he will get all the emails. I want to have read/write permissions on the file for the scipt but I don't want the file to be viewable by someone else.I can encode it by I need it to be in plain text.

Thank you.
CUL8R

Comments

  • : I have created a perl script(mailing list) that keeps the emails into a text database file. If a cracker finds this file he will open it and he will get all the emails. I want to have read/write permissions on the file for the scipt but I don't want the file to be viewable by someone else.I can encode it by I need it to be in plain text.

    When you run it as a CGI on apache it is run by nobody (a user with almost the same permissions as root but nobody has no shell) so what you can do is place nobody as owner of that file and chmod it so that only the owner can read and write to it. Then you will only be able to access it from the script or if you are root.

    [red]--[/red]
    [green]jcarlsson[/green] [blue]<[/blue][purple]jcarlsson@linux.nu[/purple][blue]>[/blue]
    [red]http://www.jcarlsson.tk[/red]

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Categories

In this Discussion