Wuzzbent -
Joined: 09 Mar 2004 Posts: 1
Posted: Fri Jun 18, 2004 6:16 am Post subject: Need Security Help...
I have my site up and working fine.. I am using a couple of various Perl scripts and I'm a bit concerned about security.. I have my \cgi-bin directory mapped through a virtual path.. problem is a couple of the scripts I use don't use encryption and anyone who wants to snoop around could easily figure out how to read the config files and open them, retrieving the passwords.. How do I lock out prying eyes in my \cgi-bin directory without affecting the ability of the scripts?
Thanks a bunch..
-Wuzzbent
Update: Forgot to mention I'm on a Windows XP machine...
TRUSTAbyss -
Joined: 29 Oct 2003 Posts: 3752 Location: USA, GA
Posted: Fri Jun 18, 2004 7:08 am
You can add a custom index.html and drop
that in the cgi-bin directory or you can block
all directory indexing. That's all you can do!
iNaNimAtE -
Joined: 05 Nov 2003 Posts: 2381 Location: Everywhere you're not.
Posted: Fri Jun 18, 2004 7:10 am
(This would be a lot easier on a Linux machine...)
So you have these plain text files sitting with passwords or other sensitive data that anyone who can guess the filename can read? My first response would be to encrypt it! But I don't think you want to do that.
Are you able to change the location of the data files? If you change them to a location that is not readable by anyone on the outside (i.e., out of the root directory), but you can still type C:\path\to\file.txt in the script, as it executes locally, then you will be safe.
_________________
Bienvenidos!
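
An added example, not part of the original thread or any poster's code, of the approach described in the post above: a Perl CGI script reads its settings from a file kept outside every directory the web server maps, and refuses to run if the file resolves inside one of them. The directory paths, the `app.conf` name and the key=value file format are assumptions for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Cwd qw(abs_path);

# Hypothetical layout: these are the only directories reachable by URL.
my @SERVED_DIRS = ('C:/www/webroot', 'C:/www/cgi-bin');
my $CONFIG_FILE = 'C:/www/private/app.conf';   # outside anything the server maps

# Return true if $path resolves to a location at or below $root.
sub is_under {
    my ($path, $root) = @_;
    my ($p, $r) = (abs_path($path), abs_path($root));
    die "cannot resolve path\n" unless defined $p && defined $r;   # fail closed
    for ($p, $r) {
        tr{\\}{/};                              # accept either slash
        $_ = lc($_) if $^O eq 'MSWin32';        # Windows paths ignore case
        s{/+\z}{};                              # drop trailing slashes
    }
    return $p eq $r || index($p, "$r/") == 0;
}

# Load key=value settings, but only from a file that cannot be fetched by URL.
sub load_config {
    my ($file, @served) = @_;
    -f $file or die "config file not found\n";
    die "config file is inside a served directory, refusing to load it\n"
        if grep { is_under($file, $_) } @served;
    open(my $fh, '<', $file) or die "cannot open config: $!\n";
    my %cfg;
    while (my $line = <$fh>) {
        $line =~ s/\r?\n\z//;
        next if $line =~ /^\s*(?:#.*)?$/;       # skip blanks and comments
        my ($k, $v) = $line =~ /^\s*([^=\s]+)\s*=\s*(.*?)\s*$/ or next;
        $cfg{$k} = $v;
    }
    close $fh;
    return \%cfg;
}

my $cfg = load_config($CONFIG_FILE, @SERVED_DIRS);
print "Content-type: text/plain\n\n";
print "configuration loaded\n";                 # never echo the values themselves
```

The script still reads the file because it opens it by local path as the server's user; restricting the file's NTFS permissions to that account narrows access further.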
Axis -
Joined: 29 Sep 2003 Posts: 336
Posted: Fri Jun 18, 2004 4:50 pm
Hi Wuzzbent--
What I have done is simply to password protect the sensitive files that are part of the cgi scripts you are using. They will still be read by the script, though they will not be readable over the web.
Regards,
Axis