jim@archer.net wrote:
> I don't think you are unique in this respect, Grant. Speaking for
> myself, security is at the top of my issues list.
I never questioned that other people were putting time and effort into
securing their systems. My intention was to begin a discussion so as to
educate those people who are leaving themselves at risk.
Alex's methodology is useful, but it still allows the web-server user to read
OpenSRS.conf. This means that any errant CGI or even a server-side include
could be used to read it. I use a wrapper to ensure that only the CGIs in my
openSRS cgi directory are allowed to be run as the "opensrs" user. Another
option is to use a chroot()'ing wrapper, but this involves re-installing
perl in the new root directory.
-- Grant
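
Added example, not part of the original post: a Python check of whether the web-server account can read a config file such as OpenSRS.conf, judged from the file's owner, group and mode bits. The function names are hypothetical, the uid/gid values for the web-server and "opensrs" accounts are supplied by the caller, and the demo file is constructed.

```python
import os
import stat
import tempfile


def class_allows_read(mode, file_uid, file_gid, uid, gids):
    """POSIX applies exactly one class: owner, else group, else other.

    ACLs and parent-directory search permission are not considered here.
    """
    if uid == 0:
        return True  # root bypasses the mode bits
    if uid == file_uid:
        return bool(mode & stat.S_IRUSR)
    if file_gid in gids:
        return bool(mode & stat.S_IRGRP)
    return bool(mode & stat.S_IROTH)


def audit_conf(path, web_uid, web_gids, app_uid, app_gids):
    """Return findings for a config file that only the CGI user should read."""
    st = os.stat(path)
    findings = []
    if class_allows_read(st.st_mode, st.st_uid, st.st_gid, web_uid, web_gids):
        findings.append("web-server user can read the file")
    if not class_allows_read(st.st_mode, st.st_uid, st.st_gid, app_uid, app_gids):
        findings.append("dedicated CGI user cannot read the file")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("file is group- or world-writable")
    return findings


if __name__ == "__main__":
    # Constructed stand-in for OpenSRS.conf, owned by whoever runs the demo.
    fd, path = tempfile.mkstemp(suffix=".conf")
    os.close(fd)
    st = os.stat(path)
    # Constructed ids: the "web server" is any account that is neither the
    # owner nor in the file's group; the "opensrs" role is the file owner.
    web_uid, web_gids = st.st_uid + 1, {st.st_gid + 1}
    for mode in (0o644, 0o640, 0o600):
        os.chmod(path, mode)
        result = audit_conf(path, web_uid, web_gids, st.st_uid, {st.st_gid})
        print(oct(mode), result or "ok")
    os.remove(path)
```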
This archive was generated by hypermail 2.1.3 : Tue Oct 19 2004 - 23:35:22 EDT