[unisog] creating secure asp/cgi servers
Christopher A Bongaarts
cab at tc.umn.edu
Tue Jun 4 15:54:28 GMT 2002

As Mark Brochu once put it so eloquently:
> Currently we do not offer students the ability to have scripting on their
> web pages for security reasons. I was wondering how any of you deal with
> this issue. I thought I heard about wrapping software to prevent poorly
> written scripts from doing any damage. Any references to some material
> would be greatly appreciated.

Speaking from the UNIX point of view, Apache comes with suEXEC
<http://httpd.apache.org/docs/suexec.html> that is used to run CGIs
and SSIs as a particular user (also used for allowing virtual hosts
to run as a different user from the main web server).

A more general solution is cgiwrap <http://cgiwrap.unixtools.org/>,
which is a setuid CGI script that runs other CGIs.

%% Christopher A. Bongaarts %% cab at tc.umn.edu %%
%% Internet Services %% http://umn.edu/~cab %%
%% University of Minnesota %% +1 (612) 625-1809 %%