
RE: [cobalt-users] protecting text files in my cg-bin directory from prying eyes



these are not security holes...

rather it is the way you have set up your scripts...

i would imagine you can tell your script where to write your files?

make a directory on your server ahead of your "web" folder, a non public area of your server, and your problems will be solved.

all of our database and password information is stored in non publicly accessible areas of our server....

where in the world do you get the notion that your specific problem is in fact a security hole?

From: "Dan Kriwitsky" <dan@xxxxxxxxxxxxx>
Reply-To: <dan@xxxxxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Subject: RE: [cobalt-users] protecting text files in my cg-bin directory from prying eyes
Date: Fri, 20 Oct 2000 13:22:32 -0400

> I have searched the archives and found lots of posts on directory browsing
> and how to disable it.  I have a more specific question.  I have added
> index.html files to all my directories to keep people from being able to
> get directory listings via their web browsers.  However, they can still
> view any non-executable files via their browser if they happen to know or
> guess the file name.  For example, I have several log and data files
> written to by my cgi-bin scripts that live in my cgi-bin directory. Some
> of these files contain sensitive information and I do not want people to
> be able to read the files via their browsers.
>
> What is the easiest way to fix this security hole?
>
Move the logs to /home/sites/site#/new_dir
Since they're "above" the web directory, they can't be browsed.

--
Dan Kriwitsky
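
Added example, not part of the original thread: a Python sketch of the advice above, which lists data files still sitting under the web directory and refuses to write a log unless its resolved path lands outside it. The function names and the `site1/web` and `site1/new_dir` layout are assumptions constructed for the demonstration.

```python
import os
import tempfile

def is_outside_web_root(path, web_root):
    """True if path, with symlinks and '..' resolved, is not under web_root."""
    real_path = os.path.realpath(path)
    real_root = os.path.realpath(web_root)
    return os.path.commonpath([real_path, real_root]) != real_root

def append_private_log(log_path, web_root, line):
    """Append to a log only if it lands outside the web root; owner-only mode."""
    if not is_outside_web_root(log_path, web_root):
        raise ValueError("refusing to write under web root: " + log_path)
    fd = os.open(log_path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
    with os.fdopen(fd, "a") as fh:
        fh.write(line.rstrip("\n") + "\n")

def find_exposed_data_files(web_root, suffixes=(".log", ".txt", ".dat")):
    """List data files under the web root that a browser could request by name."""
    exposed = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            if name.lower().endswith(suffixes):
                exposed.append(os.path.relpath(os.path.join(dirpath, name), web_root))
    return sorted(exposed)

def demo():
    """Constructed layout: <tmp>/site1/web is public, <tmp>/site1/new_dir is not."""
    with tempfile.TemporaryDirectory() as tmp:
        web = os.path.join(tmp, "site1", "web")
        cgi = os.path.join(web, "cgi-bin")
        private = os.path.join(tmp, "site1", "new_dir")
        os.makedirs(cgi)
        os.makedirs(private)
        with open(os.path.join(cgi, "orders.log"), "w") as fh:
            fh.write("constructed sample entry\n")
        # A link in the private area that points back into cgi-bin.
        os.symlink(cgi, os.path.join(private, "current"))
        good = os.path.join(private, "orders.log")
        append_private_log(good, web, "constructed sample entry")
        return (
            find_exposed_data_files(web),
            is_outside_web_root(good, web),
            is_outside_web_root(os.path.join(private, "current", "x.log"), web),
            is_outside_web_root(os.path.join(web, "..", "web", "cgi-bin", "x.log"), web),
        )

if __name__ == "__main__":
    print(demo())
```

The last two checks return False because the symlinked and `..` paths both resolve back into cgi-bin, even though the first one starts in the private directory.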


