"Fossies" - the Fresh Open Source Software Archive

Member "cgiwrap-4.1/htdocs/pubs.html" (16 Jun 2008, 2885 Bytes) of package /linux/www/old/cgiwrap-4.1.tar.gz:

As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) HTML source code syntax highlighting (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file.

    1 <TITLE>CGIWrap - Publications that Mention CGIWrap</TITLE>
    2 <CENTER><H2>CGIWrap - Publications that Mention CGIWrap</H2></CENTER>
    3 <HR><P>
    5 <H3>Special Edition - Using CGI:</H3>
    6 <DL>
    7     <DT><B>Publisher</B>:
    8     <DD><A HREF="http://www.mcp.com/">Que Corporation</A>
    9     <P>
   10     <DT><B>Excerpt (750-751)</B>:
   11     <DD>A better solution to the problem of deciding which user a
   12 script runs as when multiple people have CGI access is the CGIWrap
   13 program. CGIWrap, which is included on the CD that accompanies this book,
   14 is a simple wrapper that executes a CGI script as the user that owns the
   15 file instead of the user that the server specifies. This simple precaution
   16 leaves the script owner responsible for the damage it can do. 
   18     <P><DD>For instance, if the user "joanne" owns a CGI script that's
   19 wrapped in CGIWrap, the server will execute the script as user "joanne."
   20 In this way, CGIWrap acts like a setuid bit but has the added advantage of
   21 being controlled by the Web server rather than the operating system. That
   22 means that anybody who sneaks through any security holes in the script
   23 will be limited to whatever "joanne" herself can do-the files she can read
   24 and delete, the directories she can view, and so on. 
   26     <P><DD>Because CGIWrap puts CGI script authors in charge of the
   27 permissions for their own scripts, it can be a powerful tool not only to
   28 protect important files owned by others, but to motivate people to write
   29 secure scripts. The realization that only their files would be in danger
   30 can be a powerful persuader to script authors. 
   33     <P><DD>Excerpted with permission from Special Edition Using CGI
   34     <DD>Copyright &copy; 1996, Que Corporation
   36     <P>
   37     <DT><B>Comments</B>:
   38     <DD>The book is pretty good, at least in the copy I got, they say 
   39 that CGIwrap is included on the CD, but I can't find it anywhere.
   40 </DL>
   42 <P>
   43 <H2>Other References</H2>
   44 <UL>
   45     <LI><A HREF="http://www.kac.poliod.hu/~mystro/info/perlweb/ch09.htm">
   46         Special Edition, Using Perl for Web Programming, Ch. 9</A>
   47     <LI><A HREF="http://www.skip.adb.gu.se/skip/hjaelp/programmering/perl/perlbok/ebooks/html/perlbe/ch19.htm">
   48         Perl 5 By Example, Ch 9.</A>
   49     <LI><A HREF="http://www.sdmagazine.com/breakrm/features/s991f3.shtml">
   50         SD Magazine Feature - Safe CGI Scripting</A>
   51     <LI><A HREF="http://www.w3.org/Security/Faq/wwwsf4.html">
   52         WWW Security FAQ - CGI Scripts</A>
   53     <LI><A HREF="http://olc2.feld.cvut.cz/docs/ebook/chd09fi.htm">
   54         CGI Developers Guide - Ch. 9</A>
   55     <LI><A HREF="http://www.hut.fi/~csuokas/doc/hakkeri-final-report.html">
   56         Notes on the Security of a UNIX Web Server</A>
   57     <LI><A HREF="http://www.webtechniques.com/archives/1998/01/webm/">
   58         Boxed and Wrapped - Lincoln D. Stein</A>
   59     <LI><A HREF="http://www.webthing.com/tutorials/cgifaq.html">
   60         CGI FAQ</A>
   61     <LI><A HREF="http://www.the-lamer.com/texts/maximum-security/ch17/ch17.htm">
   62         Maximum Security - Hackers Guide to Protecting...</A>
   63 </UL>