(2 out of 2)
Overview
We are all concerned as information becomes readily available within the organization, as well as beyond the organization. We have attempted to provide a few suggestions to ensure a degree of control. For more details and a discussion of security issues, we recommend The WWW Security FAQ, by Lincoln D. Stein, at: http://www-genome.wi.mit.edu/WWW/faqs/www-security-faq.html
Using Files
The default directory for the file object is the directory specified in the HTML Path Option. If you wish to specify a different directory, you must set the Files Path Option to the correct path when creating the file object.
The file object must exist and be writable by the user nobody (the user name is literally nobody). If the file object does not exist, then the directory where the file will live must exist and be writable by the user nobody. It is recommended to create the file object in advance and make it writable by user nobody while write permission on the directory itself is restricted, thus minimizing the risk to other files within the directory.
Using Executables
Executables are handled in two different ways. The method used for starting the executable is determined by the presence of arguments that are passed to standard input. If arguments are specified for standard input, the CGI calls the C library function execvp; otherwise popen is called.
There are security concerns for Sapphire ExecData objects that do not have arguments passed to standard input. The vulnerability arises because the command in a popen call is interpreted by the Bourne shell and can therefore be manipulated: an attacker can cause your server to execute commands by sending shell special characters through your CGI. Therefore, do not take for granted that information supplied by the browser is correct.
Specifying the User
To protect your data, use wrap, as it will not interpret the user's input at the shell level. You must specify the command-line arguments as wrapped by using double quotes. When the CGI executes the ExecData object, it will enclose the argument in single quotes.
- Note: To prevent loss of data, make sure the database user has access only to those tables necessary to perform their task.
We recommend that you not set the option Project SQL in HTML to TRUE. If it is set to TRUE, any SQL statement could be executed simply by placing SQL into the HTML template, potentially destroying your database.
Configuration
We support, but do not recommend, putting the database username and password in the configuration file. Depending upon how your server is set up, the config file may be accessible to any browser if its URL is known.