[1680] in WWW Security List Archive
Securing Web Server + CGIs
daemon@ATHENA.MIT.EDU (watchman@molhub.mol.net.my)
Wed Mar 20 02:46:05 1996
From: watchman@molhub.mol.net.my
Date: Wed, 20 Mar 1996 10:35:00 +0800 (SGT)
To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
Greetings All,
I'm pretty much a newbie to this, so I hope u'll bear with me.
If the question I'm going to ask has already been discussed, please point
me to the appropriate site for the info.
Basically, I'm looking for a method/way for allowing multiple users
to update their Web documents ( + CGI programs ) on a Web Server. Those
users would have their own accounts on the Web Server, and their Web
documents have to be updated in real-time.
Now, the method(s) proposed must ensure that security is maintained on
the web server, especially re: CGIs. How do we ensure that malicious CGIs
are not put onto the web server ? Is there any way to restrict the
execution of any CGIs to only a particular directory in the web user's
home directory ?
Another thing is re: Server Side Includes. I have read the book
"Managing Internet Services", but it only touches very briefly on the
topic. What is it really used for ? Is it essential for running CGIs such
as imagemaps ?
I greatly welcome your expert input to the above Qs. General
methods, and those more pertaining to NCSA HTTpd, are greatly appreciated.
thanks in advance,
jeffrey
