Protecting CGI Scripts

Neil

Hi,

I have a consultant who is about to access files on our UNIX server
via FTP.
Is there a simple way to protect the CGI scripts from being
copied/stolen while, at the same time, keeping the CGI script actively
available for public use?

Please help!
TIA :)
 
Abhinav

Neil said:
> Hi,
>
> I have a consultant who is about to access files on our UNIX server
> via FTP.
> Is there a simple way to protect the CGI scripts from being
> copied/stolen while, at the same time, keeping the CGI script actively
> available for public use?

Guess you could provide the appropriate permissions, and keep that
server out of bounds with ftp ...

> Please help!
> TIA :)

Regards
Abhinav
 
kodo

> Hi,
>
> I have a consultant who is about to access files on our UNIX server
> via FTP.
> Is there a simple way to protect the CGI scripts from being
> copied/stolen while, at the same time, keeping the CGI script actively
> available for public use?
>
> Please help!
> TIA :)

This is not a perl-related question, is it?
But anyway, what about using the permission-system your filesystem
offers you? Ask the administrator of that server, I'm sure he can do
that.

--

greetings,

kodo

[ http://kodo.me.uk ]
 
James Willmore

> I have a consultant who is about to access files on our UNIX server via
> FTP.
> Is there a simple way to protect the CGI scripts from being
> copied/stolen while, at the same time, keeping the CGI script actively
> available for public use?

Perl != CGI

So, with this in mind .... this question is better suited to a newsgroup
that deals with Unix security or deals with the ins and outs of whatever
web server you're using.

To get you started, your permissions on your scripts *may* be altered from
755 to 750 (which basically means that, the owner can read, write and
execute the scripts, the group can read and execute the scripts, and the
rest of the world gets nada). There are other factors to consider ...
which I'll leave up to you to find out :)

HTH

--
Jim

Copyright notice: all code written by the author in this post is
released under the GPL. http://www.gnu.org/licenses/gpl.txt
for more information.

a fortune quote ...
Andrea: Unhappy the land that has no heroes. Galileo: No, unhappy
the land that needs heroes. -- Bertolt Brecht, "Life of
Galileo"
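
The 755 versus 750 change described in the post above, worked through as an added example that is not part of the original thread: it applies the Unix rule that only one permission class (owner, else group, else other) is consulted, and shows what each mode means for the web server account and for the consultant's account. All uids and gids, and the function names `class_bits`, `may` and `report`, are constructed for illustration.

```shell
#!/bin/sh
# Constructed IDs (assumptions): script owner uid 1000, script group gid 2000,
# web server uid 33, consultant uid 1500 with only its own group 1500.
# Not modelled: uid 0, ACLs, and permissions on the parent directories.

# class_bits MODE FILE_UID FILE_GID UID "GID ..." -> prints the rwx digit that
# applies. Exactly one class is consulted: owner, else group, else other.
class_bits() {
    perms=$(( 0$1 ))                      # leading 0 makes the mode octal
    if [ "$4" -eq "$2" ]; then
        echo $(( (perms >> 6) & 7 )); return
    fi
    for g in $5; do
        if [ "$g" -eq "$3" ]; then
            echo $(( (perms >> 3) & 7 )); return
        fi
    done
    echo $(( perms & 7 ))
}

# may r|x MODE FILE_UID FILE_GID UID "GID ..." -> exit status 0 if allowed
may() {
    case $1 in r) want=4 ;; x) want=1 ;; *) return 2 ;; esac
    bits=$(class_bits "$2" "$3" "$4" "$5" "$6")
    [ $(( bits & want )) -ne 0 ]
}

# report MODE "WEB_SERVER_GIDS" -> e.g. "750 www=rx consultant=--"
report() {
    out=$1
    for acct in "www:33:$2" "consultant:1500:1500"; do
        name=${acct%%:*}; rest=${acct#*:}
        uid=${rest%%:*}; gids=${rest#*:}
        r=-; x=-
        may r "$1" 1000 2000 "$uid" "$gids" && r=r
        may x "$1" 1000 2000 "$uid" "$gids" && x=x
        out="$out $name=$r$x"
    done
    echo "$out"
}

report 755 "33 2000"   # world-readable: any local account can copy the script
report 750 "33 2000"   # web server is in the script's group: still served
report 750 "33"        # web server not in the group: the CGI stops working
```

The third case is one of the other factors to check before tightening the mode: an interpreted script needs both read and execute for the account the web server runs as.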
 
ctcgag

> Hi,
>
> I have a consultant who is about to access files on our UNIX server
> via FTP.
> Is there a simple way to protect the CGI scripts from being
> copied/stolen while, at the same time, keeping the CGI script actively
> available for public use?
>
> Please help!

Presumably your FTP server will be rooted somewhere that does not overlap
with cgi-bin. But the fact that you ask that on a Perl newsgroup makes
me think you won't understand what I said. (You need to hire another
consultant--a security one--to keep an eye on the first consultant.)


Xho
 
pkent

> I have a consultant who is about to access files on our UNIX server
> via FTP.
> Is there a simple way to protect the CGI scripts from being
> copied/stolen while, at the same time, keeping the CGI script actively
> available for public use?

If I were doing it, my solution might be to only give the consultant a
user or FTP account that is able to access files that you want them to
access. The webserver user can of course access those files _and_
others. Ensure that user account only has FTP access, and maybe use
your FTP daemon's access controls to restrict access further than the
plain filesystem permissions allow.

Depending on your directory structure you might find that you can use
the basic unix file permissions to restrict what the consultant can
read. Maybe you can use the restrictions in the FTP daemon to add
further limits. Maybe you can use symlinks, a chroot, a jail, a copying
process, or a "mount --bind". Maybe, in the worst case, you need to
avoid giving them an FTP account at all, and manually send them the
files (and then receive the files from them and manually put them back
on the filesystem).

If you're that worried about third party access maybe it's better that
you do not grant them an account on the server, and opt for something
like the last option. You might also want to consult your legal team
about your intellectual property rights, the consultant's contract, your
territory's copyright laws, etc etc. Anyway, is this consultant really
likely to try to steal any of your code or are you being (rightly, in
this day and age) paranoid about security :) ?

P
 
