in reply to Creating and writing a file to a password protected directory

Our mistake. The directory is protect with .htaccess. When we tested the CGI, we kept getting an authorization screen requesting the username and password for the directory. After scratching our heads, we emptied the cache on our browser and tried again, and this time it worked without the authorization screen showing. Not sure why we got the first authorization screen...sorry for the mistake.
  • Comment on Re: Creating and writing a file to a password protected directory

Replies are listed 'Best First'.
(jeffa) 2Re: Creating and writing a file to a password protected directory
by jeffa (Bishop) on Oct 12, 2002 at 18:55 UTC
    Good deal. I recommend that you remove the 777 permissions from that directory and instead chown the directory to what ever user the web server runs as. I assume you are using Apache, correct? Use grep or egrep for 'User' on httpd.conf:
    egrep ^User /path/to/conf/httpd.conf
    to find out which user. Then you can chmod the directory to a safer 755.


    (the triplet paradiddle with high-hat)

      Depending on the data 755 may also be unsafe. I'm guessing that whatever data is being written must be both private and correct. If you were I then I'd set the minimum possible permissions and ensure that the process doing the writing was either the directory and file owner or at least in the right group. I'd hate for you to write down credit cards or something using that scheme. In general consider this advice incomplete and a guess at best. If you don't already understand unix permissions then you'll have to learn them prior to completing whatever you're doing. Of course there's additional security to be had by using public-key cryptography. Again, you have to know what you're doing to use it sanely (like not putting the private key on the server among others).

      __SIG__ printf "You are here %08x\n", unpack "L!", unpack "P4", pack "L!", B:: +svref_2object(sub{})->OUTSIDE