You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modperl@perl.apache.org by James G Smith <JG...@TAMU.Edu> on 2000/11/16 19:12:16 UTC
Re: security suggestion
Adam Prime <ap...@brunico.com> wrote:
>The servers that had apache on them for users when i was at school didn't
>even allow normal cgi, so i have no idea how one would approach doing
>something like this with mod_perl.
Even more convoluted is when a user can ExecCGI, but only via suexec.
mod_perl would get around the suexec protections. Especially on student web
servers where there are (potentially) 60,000 people wanting to put up web
pages with CGI. Thankfully, not all the users want to do this. But the issue
is still there. If someone has mod_perl access, they have access to
everything the server can access.
--
James Smith <JG...@TAMU.Edu>, 979-862-3725
Texas A&M CIS Operating Systems Group, Unix