"Fossies" - the Fresh Open Source Software Archive

Member "cgiwrap-4.1/doc/pubs" (16 Jun 2008, 2340 Bytes) of package /linux/www/old/cgiwrap-4.1.tar.gz:


CGIWrap - Publications that Mention CGIWrap
__________________________________________________________________

Special Edition - Using CGI:

 Publisher:
        Que Corporation

 Excerpt (750-751):
        A better solution to the problem of deciding which user a script
        runs as when multiple people have CGI access is the CGIWrap
        program. CGIWrap, which is included on the CD that accompanies
        this book, is a simple wrapper that executes a CGI script as the
        user that owns the file instead of the user that the server
        specifies. This simple precaution leaves the script owner
        responsible for the damage it can do.

        For instance, if the user "joanne" owns a CGI script that's
        wrapped in CGIWrap, the server will execute the script as user
        "joanne." In this way, CGIWrap acts like a setuid bit but has
        the added advantage of being controlled by the Web server rather
        than the operating system. That means that anybody who sneaks
        through any security holes in the script will be limited to
        whatever "joanne" herself can do - the files she can read and
        delete, the directories she can view, and so on.

        Because CGIWrap puts CGI script authors in charge of the
        permissions for their own scripts, it can be a powerful tool not
        only to protect important files owned by others, but to motivate
        people to write secure scripts. The realization that only their
        files would be in danger can be a powerful persuader to script
        authors.

        Excerpted with permission from Special Edition Using CGI
        Copyright © 1996, Que Corporation

        The book is pretty good. At least in the copy I got, they say
        that CGIWrap is included on the CD, but I can't find it
        anywhere.

Other References

   * Special Edition, Using Perl for Web Programming, Ch. 9
   * Perl 5 By Example, Ch. 9
   * SD Magazine Feature - Safe CGI Scripting
   * WWW Security FAQ - CGI Scripts
   * CGI Developers Guide - Ch. 9
   * Notes on the Security of a UNIX Web Server
   * Boxed and Wrapped - Lincoln D. Stein
   * CGI FAQ
   * Maximum Security - Hackers Guide to Protecting...