- From: ALASTAIR AITKEN CLMS <A.Aitken@unl.ac.uk>
- Date: Fri, 10 May 1996 09:42:15 +0000 (GMT)
- To: www-talk@w3.org
Quoth Kee Hinckley: >At 4:43 PM -0400 5/9/96, Jason T Vincent wrote: >> Hey all, >> >> I can create a database in MSQL by running a perl cgi from the >> command line, but once I try to run the cgi through netscape it does >> not create the database. My guess is that it is not being created >> because the server thinks that user 'nobody' is trying to create the >> database. Is there a way to do this without creating a huge security >> hole? > >I'd recommend running your server as somebody. Anytime you've got a server >that is going to be creating and/or modifying the system I think it's safer >to make it an actual user than make everything world-writable. It's >certainly far more manageable. I definitely would not recommend running the server as somebody. It isn't necessary and if the server is somebody it is less not more secure. Why not create a directory for the database to be created and give that directory to nobody. That is what I do. No suid or sgid scripts and only one place where the server can read and write. Alastair Aitken http://www.unl.ac.uk/~alastair mailto:a.aitken@unl.ac.uk
Received on Friday, 10 May 1996 04:42:04 UTC