Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl: the Markov chain saw
 
PerlMonks  

Re: Security, root and CGI?

by DrHyde (Prior)
on Jan 29, 2009 at 11:39 UTC ( #739869=note: print w/ replies, xml ) Need Help??


in reply to Security, root and CGI?

It makes sense. In fact it's quite common to do this, although with authentication in the CGI. The one change I'd make is that instead of doing authentication in both the CGI and the root daemon, I'd only do it in the root daemon, and have the CGI ask it what actions a particular user can perform so that it can present the right options to him. Then, obviously, when the CGI actually submits a job to the root daemon, the daemon needs to authenticate it again.

I'm not sure that you can guarantee that communications are coming from a particular process. But then, provided that you authenticate before performing each action as root, that shouldn't matter. If someone manages to talk to your process in a way you didn't expect, then if they can't authenticate that's great, if they can - well, so what? They could just as easily authenticate through your web interface.

You might even find it useful to have several ways of communicating with the daemon - for example, occasional users might use a web site, more frequent users might have a command line interface.


Comment on Re: Security, root and CGI?

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://739869]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others surveying the Monastery: (6)
As of 2014-09-18 00:51 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    How do you remember the number of days in each month?











    Results (101 votes), past polls