Changeset 992 for pykota/trunk/SECURITY

Timestamp:
05/08/03 14:48:00 (21 years ago)
Author:
jalet
Message:

Safer CGI configuration.

Files:
1 modified

  • pykota/trunk/SECURITY

    r971 r992  
    8080         can read PyKota's configuration file too, for example 
    8181         by putting www-data in the lpadmin group. 
     82         WARNING : putting www-data in the lpadmin group so that 
     83         the CGI script can read the /etc/pykota.conf file is 
     84         dangerous. If any user can create CGI scripts launchable 
     85         as www-data then he could steal a copy of the /etc/pykota.conf  
     86         file and learn database and database users' name and passwords. 
     87         The best solution is probably to create a pykota system 
     88         account and run the CGI script as this user using Apache's SuEXEC 
     89         facility. Refer to Apache's documentation for details. 
    8290   
    8391  - Secure your database connection :
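Review bot: The new warning at lines 82-89 contradicts the unchanged advice at lines 80-81, which still offers "putting www-data in the lpadmin group" as the example way to let the CGI script read the configuration file, so a reader who stops at line 81 follows the setup the warning calls dangerous. Reword lines 80-81 to lead with the dedicated pykota account and SuEXEC, and present the lpadmin group approach only as the discouraged alternative. The SuEXEC paragraph should also say which account and group must then be able to read /etc/pykota.conf, and that www-data should be taken back out of lpadmin, since the text currently leaves the group membership in place. Minor wording: "database and database users' name and passwords" at line 86 would read more clearly as "the database name and the database users' names and passwords".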