
Re: [cobalt-users] htaccess problem on raq3i



Henri-Pierre Mathieu wrote:

> I have a problem with .htaccess.
> 
> I give my users the opportunity to create a private directory inside one of
> my sites, using a cgi-script.
> When they create the directory, the script writes an .htaccess file inside,
> crypts the user-chosen password and writes it down to a password file.

I have little experience with .htaccess, I don't know if that Perl
routine may substitute for the usual htpasswd command? You could try to let
Perl call "htpasswd" with the parameters (you should definitely
verify user input before executing a system or exec based on user
input).

It seems that the CGI script writes the password to a password file
inside the working directory (/site/cgi-bin/)? This is not a good idea, as
the file would be readable by any browser if its permissions are set to
666 or 644 (standard when uploaded)!

You should put it outside the /web directory.

-- 

H. P.  Stroebel, Germany

CGI-FAQ for Raq-Newbies :
http://users.iol.it/hpstr/

Yes, I do. But not Yahoo.
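
The advice in the reply above (call htpasswd from Perl, validate the user input first, keep the password file outside the web tree), as an added example that is not part of the original message or the poster's script. Assumptions: the two paths and the helper names valid_user, valid_password and set_password are hypothetical, and htpasswd supports -i (read the password from stdin), which requires the version shipped with Apache 2.4 or later.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed, hypothetical locations: adjust to the server's layout.
my $HTPASSWD = '/usr/bin/htpasswd';
my $PWFILE   = '/home/sites/example/private/.htpasswd';  # outside /web

# Fixed environment so the child does not inherit request-influenced values.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Allow-list for usernames; ':' or a newline would corrupt the user:hash format.
sub valid_user {
    my ($u) = @_;
    return undef unless defined $u;
    return $u =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,31})\z/ ? $1 : undef;
}

# Printable ASCII only, 8 to 64 characters, so no newline reaches htpasswd's stdin.
sub valid_password {
    my ($p) = @_;
    return undef unless defined $p;
    return $p =~ /\A([\x20-\x7e]{8,64})\z/ ? $1 : undef;
}

# Returns undef on success or an error string.
sub set_password {
    my ($user, $pass) = @_;
    my $u = valid_user($user);
    my $p = valid_password($pass);
    return 'bad username' unless defined $u;
    return 'bad password' unless defined $p;
    my @cmd = ($HTPASSWD, '-i');
    push @cmd, '-c' unless -e $PWFILE;     # create the file on first use
    push @cmd, $PWFILE, $u;
    # List-form pipe open: arguments go straight to exec, no shell parses them.
    local $SIG{PIPE} = 'IGNORE';
    open(my $fh, '|-', @cmd) or return "cannot run htpasswd: $!";
    print {$fh} "$p\n";
    close($fh) or return 'htpasswd failed, exit status ' . ($? >> 8);
    return undef;
}

# Constructed inputs: only the validator runs here, htpasswd is not called.
for my $name ('alice', 'bob.smith', 'eve;id', "mallory\nroot", 'a:b') {
    (my $shown = $name) =~ s/\n/\\n/g;
    printf "%-16s %s\n", $shown, defined(valid_user($name)) ? 'accepted' : 'rejected';
}
```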