[Previous] [Next] [Index]
[Thread]
Re: Securing Web Server + CGIs
-----BEGIN PGP SIGNED MESSAGE-----
watchman@molhub.mol.net.my wrote:
>
> Basically, I'm looking for a method/way for allowing multiple users
> to update their Web documents ( + CGI programs ) on a Web Server. Those
> users would have their own accounts on the Web Server, and their Web
> documents have to be updated in real-time.
> Now, the method(s) proposed must ensure that security is maintained on
> the web server, especially re: CGIs. How do we ensure that malicious CGIs
> are not put onto the web server ? Is there any way to restrict the
> execution of any CGIs to only a particular directory in the web user's
> home directory ?
The Internet service http://www.best.com allows its customers to have home
pages running their own CGI scripts (at least as far as I could tell), using
their home directory to store CGI. They have posted an extensive FAQ on this
subject on their site. Check out this site, it may yield valuable information
on how they survive with thousands of customers (many rank newbies) running
their CGI's all at once.
Gene
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBMVG0Es4N33uf66GRAQG+yQP/RCSc8dxIwQO5DXunnzxgCWyGz7AzlC4J
U+9eMjM4rxfdi3v6iQtef1PBTg/zg/fAQuOS8sUkIATPD02KG/bC4zgPGeJZnBAv
TcN/aSstf3MKSr0ADoR4gHR6wgVqcWy0LIV8j9iexubJeatRi0b5CyK1smxM9yju
NdyvMCOkPUE=
=dX8g
-----END PGP SIGNATURE-----
Copyright (c)1996 Gene Ingram
All Rights Reserved
__________________________________________________________________
Gene Ingram gene@cup.hp.com
ingram@pubs.holosys.com
PGP UserID: "Gene Ingram <gene@cup.hp.com>"
Key Size: 1024 bits; Creation date: 21 March 1996; KeyID: 9FEBA191
Key fingerprint: 93 E1 15 E6 35 BC B2 84 B2 7B 39 76 29 72 32 72
References: