Page last updated:
2004 Sep 13 17:45

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Re: [vox-tech] secure form to ascii file?



On Monday 13 September 2004 05:23 pm, Bill Kendrick wrote:
> On Mon, Sep 13, 2004 at 03:05:21PM -0700, Lewis Perdue wrote:
> > I need a web form that writes to a file in comma-delimited ascii with a 
> > time/date stamp ...I know a lot of the perl scripts out there have holes 
> > CGI exploit holes. Does anyone have a secure recommendation?
> 
> The kind of Perl-script exploits I still see are old form-to-mail scripts
> being abused to send spam.  (Some complete moron sent me a couple of
> "your paypal account needs updating" phish attempts via one recently.
> Man, what an idiot! :^) )
> 
> Anyway, Perl should be fine, assuming you follow all the good rules pointed
> out when people teach Perl-for-CGI-development.  PHP would do great for
> this, too.
> 
> My one concern is how the permissions would be handled for the file you
> wish the script to write to.  (Anyone here have recommendations?)

The PHP or Perl script would be running with the permissions
of the web server, so you can just make sure the file is
writable by that user ("apache" or "httpd" or whatever).

If that's not acceptable then you can write a perl app that
does the logging, make it suid and invoke it from the web
script.  I did something like that recently, which gave me
an enlightening tour of perl's "taint" features.

...
> 'Course now I'm "out" of the web business.
> *Whew!*)

Too bad.  ;-)

-- Rod
_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech
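
Added example, not part of the original posts: a small Perl logging helper of the kind Rod describes, run under taint mode (`-T`, which Perl also switches on by itself when a script runs setuid). The log path, field names and sample submission are assumptions constructed for illustration.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Fcntl qw(:DEFAULT :flock);
use POSIX qw(strftime);

my $LOG = './formlog-demo.csv';    # assumed path; must be writable by the invoking user
$ENV{PATH} = '/usr/bin:/bin';      # taint mode distrusts the inherited environment
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Allow-list validation. Only a regex capture clears the taint flag, and \z
# (unlike $) refuses a trailing newline that would start a forged row.
sub untaint_field {
    my ($value, $max) = @_;
    return undef unless defined $value && length($value) <= $max;
    return $value =~ /\A([\w .\@'+-]*)\z/ ? $1 : undef;
}

# Quote every field and double embedded quotes so commas stay inside the cell.
sub csv_quote {
    my ($field) = @_;
    $field =~ s/"/""/g;
    return qq{"$field"};
}

# Append one timestamped row under an exclusive lock; create the file 0640.
sub append_row {
    my ($path, @fields) = @_;
    my $stamp = strftime('%Y-%m-%d %H:%M:%S', localtime);
    my $line  = join(',', map { csv_quote($_) } $stamp, @fields) . "\n";
    sysopen(my $fh, $path, O_WRONLY | O_APPEND | O_CREAT, 0640) or die "open $path: $!";
    flock($fh, LOCK_EX) or die "lock $path: $!";
    print {$fh} $line or die "write $path: $!";
    close($fh) or die "close $path: $!";
    return $line;
}

# Constructed sample submission. Real form input (STDIN, %ENV, @ARGV) arrives
# tainted; these literals do not, but they take the same validation path.
my %form = (
    name  => 'Ada Lovelace',
    email => 'ada@example.org',
    note  => "ok\",injected\n2004-01-01,forged row",
);
my @clean = map { untaint_field($form{$_}, 200) // 'REJECTED' } qw(name email note);
print append_row($LOG, @clean);
```

Run it with `perl -T` or execute the file directly, since Perl refuses a `-T` that appears only on the `#!` line. Taint mode does not block printing tainted data to an already opened file, so the allow-list in `untaint_field` is what keeps quotes and newlines out of the log.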


