At 09:02 PM 5/27/01 -0500, Nichole Bialczyk wrote:
>hi, i'm still new at perl and just now getting into security issues and
>the like. basically, my boss wants me to be able to keep others from being
>able to access our stuff. the perl guy before me stored it in our
>public_html/cgi-bin. apparently, this is not the safest thing to do.
>anyone with an afs account could potentially get in. so their original
>solution was to not make it world writable. this caused the logs to stop
>recording.
>
>unfortunately, the perl guy was in an accident and passed away and no one
>else knows perl. i was working on flash when my boss told me to also learn
>perl. so here i am without a clue and my boss wants this fixed by Tue or
>Wed. umm, help?
What do you want, names of better companies to work for?
Seriously, this is a recipe for disaster. You know nothing about Perl and
your boss has given you three days to learn it to fix a difficult security
issue? I have handled security risks from web server sharing on AFS and
the solutions are often extremely complicated ones involving srvtab files.
This is a no-win situation. I feel that even trying to point you in the
right direction of a technical solution is the wrong thing to do. What you
really need is a boss with a clue.
>someone else suggested something like a temp directory or something.
>
>thanks, nichole
--
Peter Scott
Pacific Systems Design Technologies
http://www.perldebugged.com
