Re: creating a mSQL database with a www cgi

Quoth Kee Hinckley:
>At 4:43 PM  -0400 5/9/96, Jason T Vincent wrote:
>>     Hey all,
>>     I can create a database in MSQL by running  a perl cgi from the
>>     command line, but once I try to run the cgi through netscape it does
>>     not create the database.  My guess is that it is not being created
>>     because the server thinks that user 'nobody' is trying to create the
>>     database.  Is there a way to do this without creating a huge security
>>     hole?
>I'd recommend running your server as somebody.  Anytime you've got a server
>that is going to be creating and/or modifying the system I think it's safer
>to make it an actual user than make everything world-writable.  It's
>certainly far more manageable.

I definitely would not recommend running the server as somebody.  It isn't
necessary and if the server is somebody it is less not more secure.  Why
not create a directory for the database to be created and give that
directory to nobody.  That is what I do.  No suid or sgid scripts and only
one place where the server can read and write.

Alastair Aitken

Received on Friday, 10 May 1996 04:42:04 UTC