Re: Security, root and CGI?

by DrHyde (Prior)
on Jan 29, 2009 at 11:39 UTC (#739869)

in reply to Security, root and CGI?

It makes sense. In fact it's quite common to do this, although with authentication in the CGI. The one change I'd make is that instead of doing authentication in both the CGI and the root daemon, I'd only do it in the root daemon, and have the CGI ask it what actions a particular user can perform so that it can present the right options to him. Then, obviously, when the CGI actually submits a job to the root daemon, the daemon needs to authenticate it again.

I'm not sure that you can guarantee that communications are coming from a particular process. But then, provided that you authenticate before performing each action as root, that shouldn't matter. If someone manages to talk to your process in a way you didn't expect, then if they can't authenticate that's great, if they can - well, so what? They could just as easily authenticate through your web interface.

You might even find it useful to have several ways of communicating with the daemon - for example, occasional users might use a web site, more frequent users might have a command line interface.
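The design described in the reply above, sketched as an added example (not part of the original post and not DrHyde's code): the daemon is the only place that authenticates, it answers both "what may this user do?" and "run this job", and it checks credentials on every request no matter which front end sent it. The user table, the `list`/`run` operations and the action names are assumptions made for illustration.

```perl
use strict;
use warnings;
use Digest::SHA qw(sha256_hex);
# Constructed sample users (hypothetical). Salted SHA-256 keeps this to core
# modules; a real daemon would use PAM or a slow password hash.
my %USERS = (
    alice => { salt => 'k3', hash => sha256_hex('k3correct horse'), actions => [qw(restart_web rotate_logs)] },
    bob   => { salt => 'p9', hash => sha256_hex('p9hunter2'),       actions => [qw(rotate_logs)] },
);
# Fixed dispatch table: request data selects an entry, it never becomes a command line.
my %ACTIONS = (
    restart_web => sub { 'restart_web done (placeholder for the privileged work)' },
    rotate_logs => sub { 'rotate_logs done (placeholder for the privileged work)' },
);
sub ct_eq {    # constant-time comparison of two hex digests
    my ($x, $y, $diff) = (@_, 0);
    return 0 if length($x) != length($y);
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}
sub authenticate {
    my ($user, $pass) = @_;
    my $rec = $USERS{ $user // '' } or return undef;
    return ct_eq(sha256_hex($rec->{salt} . ($pass // '')), $rec->{hash}) ? $rec : undef;
}

# Daemon side: every request is authenticated here, whatever front end sent it.
sub handle_request {
    my ($req) = @_;
    my $rec = authenticate($req->{user}, $req->{pass}) or return { ok => 0, error => 'auth failed' };
    my $op = $req->{op} // '';
    return { ok => 1, actions => [ @{ $rec->{actions} } ] } if $op eq 'list';
    return { ok => 0, error => 'bad op' } unless $op eq 'run';
    my $action = $req->{action} // '';
    return { ok => 0, error => 'not permitted' }
        unless exists $ACTIONS{$action} && grep { $_ eq $action } @{ $rec->{actions} };
    return { ok => 1, result => $ACTIONS{$action}->() };
}

# Constructed requests: the CGI's menu query, then job submissions.
for my $req (
    { op => 'list', user => 'bob',   pass => 'hunter2' },
    { op => 'run',  user => 'bob',   pass => 'hunter2',       action => 'restart_web' },
    { op => 'run',  user => 'alice', pass => 'wrong',         action => 'restart_web' },
    { op => 'run',  user => 'alice', pass => 'correct horse', action => 'restart_web' },
) {
    my $res = handle_request($req);
    my $out = $res->{ok} ? ($res->{result} // "@{ $res->{actions} }") : "denied: $res->{error}";
    print "$req->{op} as $req->{user}: $out\n";
}
```

The second request shows why the daemon re-checks at submission time: a front end that offered bob only `rotate_logs` cannot stop a hand-crafted `run` request, but the daemon's own permission check does.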
