Mailing List Archive: 49091 messages
  • Home
  • Script library
  • AltME Archive
  • Mailing list
  • Articles Index
  • Site search

[REBOL] Re: security violation

From: gchiu:compkarori at: 21-Dec-2000 21:06

On Wed, 20 Dec 2000 21:21:59 -0800 (PST) Kevin McKinnon <[kevin--sunshinecable--com]> wrote:
> The webserver typically runs as user 'nobody' (or some > other virtual user > ID) with minimal permissions. One of the things 'nobody' > can do is read > and execute programs in your cgi-bin... but cannot write > there.
But my Perl scripts can write to my cgi-bin directory. Rebol -cs does the trick
> What you should do is create a data directory somewhere > else in your home > directory (preferably *above* the directory the webserver > uses as root, so > that your data can't be retrieved via the webserver by > some unscrupulous > user) and give that directory read/write permissions for > user 'nobody'.
That's a thought. I was wondering where I could put data that I didn't want in my cgi-bin directory. I'll give that a go. Thanks, -- Graham Chiu