Beefy Boxes and Bandwidth Generously Provided by pair Networks
Your skill will accomplish
what the force of many cannot
 
PerlMonks  

How do I prevent anybody from looking at the contents of my text files ?

by Anonymous Monk
on Jul 26, 2000 at 10:49 UTC ( #24424=perlquestion: print w/replies, xml ) Need Help??

Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question: (files)

I am writing scripts that read text files in my cgi-bin directory. I use these text files as databases and I don't want anybody to look at the contents of these files.

Originally posted as a Categorized Question.

  • Comment on How do I prevent anybody from looking at the contents of my text files ?

Replies are listed 'Best First'.
Re: How do I prevent from anybody looking at the contents of my text files ?
by davorg (Chancellor) on Jul 26, 2000 at 13:21 UTC
    1. Don't put data in the cgi-bin directory. Use another directory not accessible from the web for that.
    2. Set the file permissions on your data directory so that only your web server user can read and write files there.
    3. Create all the data files from within the cgi scripts with permissions of 600.
    4. The Apache webserver has an option to deny access to files matching wildcards (by default, access to all files starting with .ht is denied). You can use this feature to block access to your files (this feature is configured in the file httpd.conf).
Re: How do I prevent anybody from looking at the contents of my text files ?
by slurp (Initiate) on Aug 01, 2000 at 04:55 UTC
    If you let webserver-user "own" your files, than every other CGI script can read your files. To make something about that, you may make your scripts setuid. And then create all files in some directory other than cgi-bin which is only readable/writable/executable by your userid.
Re: How do I prevent anybody from looking at the contents of my text files ?
by Anonymous Monk on Feb 09, 2003 at 20:09 UTC
    Add the ".cgi" extension to your text files. If a visitor attempts to view it from a web broswer, they should get a 500.

      Obviously, this also depends on the configuration of your web server. With apache, a line like

      AddHandler cgi-script .cgi
      

      in to your httpd.conf will do the Right Thing (after you restart apache).

      --
      mowgli

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://24424]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others chilling in the Monastery: (7)
As of 2021-04-21 11:43 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found

    Notices?