Beefy Boxes and Bandwidth Generously Provided by pair Networks
No such thing as a small change
 
PerlMonks  

Re: Re: Re: Data Security in Perl

by ichimunki (Priest)
on Sep 04, 2002 at 19:27 UTC ( #195173=note: print w/ replies, xml ) Need Help??


in reply to Re: Re: Data Security in Perl
in thread Data Security in Perl

Yes, this is "their fault". It's a poor design on a shared host since, as you're finding, as it causes users to have to do strange things WRT permissions. It can also make it a royal pain to delete those files, since they will normally be chmod'ed 644 and chown'ed to nobody. Then you have to run a CGI script to chmod them to 666 so your user account can delete them (since CGI runs as nobody it is the only user level account that has write access to these files). If time/money/whatever aren't an issue, you might shop for a new ISP who runs Apache CGI as the actual user instead of nobody. This protects your data both from external browser viewers as well as other users on your shared host.

The suggestion about storing these files outside the docroot for your CGI/web directory is also a good one, otherwise anyone who can guess the URL can see these files unless you take pains to change the permissions to something like 600.

FWIW, I would be just as paranoid about access by other users of the shared host as I would by the web at large. Unless you know all those people, you have no idea what they'll do with the data in your directories.


Comment on Re: Re: Re: Data Security in Perl

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://195173]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others romping around the Monastery: (6)
As of 2014-09-15 10:56 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    My favorite cookbook is:










    Results (146 votes), past polls