"Fossies" - the Fresh Open Source Software Archive
Member "cgiwrap-4.1/htdocs/pubs.html" (16 Jun 2008, 2885 Bytes) of package /linux/www/old/cgiwrap-4.1.tar.gz:
As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) HTML source code syntax highlighting (style: standard
) with prefixed line numbers.
Alternatively you can here view
the uninterpreted source code file.
1 <TITLE>CGIWrap - Publications that Mention CGIWrap</TITLE>
2 <CENTER><H2>CGIWrap - Publications that Mention CGIWrap</H2></CENTER>
5 <H3>Special Edition - Using CGI:</H3>
8 <DD><A HREF="http://www.mcp.com/">Que Corporation</A>
10 <DT><B>Excerpt (750-751)</B>:
11 <DD>A better solution to the problem of deciding which user a
12 script runs as when multiple people have CGI access is the CGIWrap
13 program. CGIWrap, which is included on the CD that accompanies this book,
14 is a simple wrapper that executes a CGI script as the user that owns the
15 file instead of the user that the server specifies. This simple precaution
16 leaves the script owner responsible for the damage it can do.
18 <P><DD>For instance, if the user "joanne" owns a CGI script that's
19 wrapped in CGIWrap, the server will execute the script as user "joanne."
20 In this way, CGIWrap acts like a setuid bit but has the added advantage of
21 being controlled by the Web server rather than the operating system. That
22 means that anybody who sneaks through any security holes in the script
23 will be limited to whatever "joanne" herself can do-the files she can read
24 and delete, the directories she can view, and so on.
26 <P><DD>Because CGIWrap puts CGI script authors in charge of the
27 permissions for their own scripts, it can be a powerful tool not only to
28 protect important files owned by others, but to motivate people to write
29 secure scripts. The realization that only their files would be in danger
30 can be a powerful persuader to script authors.
33 <P><DD>Excerpted with permission from Special Edition Using CGI
34 <DD>Copyright © 1996, Que Corporation
38 <DD>The book is pretty good, at least in the copy I got, they say
39 that CGIwrap is included on the CD, but I can't find it anywhere.
43 <H2>Other References</H2>
45 <LI><A HREF="http://www.kac.poliod.hu/~mystro/info/perlweb/ch09.htm">
46 Special Edition, Using Perl for Web Programming, Ch. 9</A>
47 <LI><A HREF="http://www.skip.adb.gu.se/skip/hjaelp/programmering/perl/perlbok/ebooks/html/perlbe/ch19.htm">
48 Perl 5 By Example, Ch 9.</A>
49 <LI><A HREF="http://www.sdmagazine.com/breakrm/features/s991f3.shtml">
50 SD Magazine Feature - Safe CGI Scripting</A>
51 <LI><A HREF="http://www.w3.org/Security/Faq/wwwsf4.html">
52 WWW Security FAQ - CGI Scripts</A>
53 <LI><A HREF="http://olc2.feld.cvut.cz/docs/ebook/chd09fi.htm">
54 CGI Developers Guide - Ch. 9</A>
55 <LI><A HREF="http://www.hut.fi/~csuokas/doc/hakkeri-final-report.html">
56 Notes on the Security of a UNIX Web Server</A>
57 <LI><A HREF="http://www.webtechniques.com/archives/1998/01/webm/">
58 Boxed and Wrapped - Lincoln D. Stein</A>
59 <LI><A HREF="http://www.webthing.com/tutorials/cgifaq.html">
60 CGI FAQ</A>
61 <LI><A HREF="http://www.the-lamer.com/texts/maximum-security/ch17/ch17.htm">
62 Maximum Security - Hackers Guide to Protecting...</A>