CGI/Perl Guide | Learning Center | Forums | Advertise | Login
Site Search: in

  Main Index MAIN
INDEX
Search Posts SEARCH
POSTS
Who's Online WHO'S
ONLINE
Log in LOG
IN

Home: Perl Programming Help: Win32 Programming Help:
Win2k Apache security issue - help

 



rethaew
New User

Jun 14, 2006, 9:57 AM

Post #1 of 2 (2161 views)
     Win2k Apache security issue - help  

Good Day. I have recently been put in charge of managing a web server and I am not very familiar with Apache, or web servers in general, so please forgive my ignorance.

The server has Windows2k, Apache 2.2 and Activeperl 5.8. The problem is that there does not seem to be any security with the perl. Any web site that has CGI enabled can run a perl script that will execute system commands, modify files, etc. ANYWHERE on the server, not just in the home directory for that site. This is a gaping security hole that needs to be fixed. So if a user wanted to do some damage, he could in theory delete all other web site folders, destroy some system files, etc. Very bad.

I have searched the web and forums for a solution but this major issues doesn't seem to be addressed much. Can anyone advise on how to limit CGI activity to a web site's home directy with this setup.

Thanks.

Tim


KevinR
Veteran


Jun 14, 2006, 11:08 AM

Post #2 of 2 (2160 views)
     Re: [rethaew] Win2k Apache security issue - help [In reply to]  

Answer to your q is posted on another forum where you have to same q posted.
-------------------------------------------------


(This post was edited by KevinR on Jun 14, 2006, 11:08 AM)

 
 


Search for (options) Powered by Gossamer Forum v.1.2.0

Web Applications & Managed Hosting Powered by Gossamer Threads
Visit our Mailing List Archives