Re: cannot run pgps in a cgi script under apache

To: Shao Zhang <shao@cia.com.au>
Cc: Debian Mailing List <debian-user@lists.debian.org>
Subject: Re: cannot run pgps in a cgi script under apache
From: Ethan Benson <erbenson@alaska.net>
Date: Thu, 16 Dec 1999 17:34:28 -0900
Message-id: <v04210102b47f50dcb075@[192.168.0.1]>
In-reply-to: <[🔎] 19991217124938.A8503@localhost>
References: <[🔎] 19991217114634.A5825@localhost> <v04210100b47f4ce8c268@[192.168.0.1]> <[🔎] 19991217124938.A8503@localhost>

On 17/12/99 Shao Zhang wrote:

	I have no other choice. I need it to read the shadow passwd. It
	is only accessible within a private network and all traffic is
	SSL encrypted. So I guess it is pretty secure.

well reading shadow password files from apache is bad anyway (iassume for htaccess?) since it allows very fast and mostlyunstoppable password cracking efforts on your system password files,you might as well just unshadow the passwords since any additionalprotection offered by shadow passwords is completely undone byletting apache read them.

but even for reading shadow passwords you do not need to run as root,run as www-data and group shadow, the shadow files are group shadowreadable.



--
Ethan Benson
To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/

Reply to:

Follow-Ups:
- Re: cannot run pgps in a cgi script under apache
  - From: Shao Zhang <shao@cia.com.au>

References:
- cannot run pgps in a cgi script under apache
  - From: Shao Zhang <shao@cia.com.au>
- Re: cannot run pgps in a cgi script under apache
  - From: Ethan Benson <erbenson@alaska.net>
- Re: cannot run pgps in a cgi script under apache
  - From: Shao Zhang <shao@cia.com.au>

Prev by Date: Re: cvs behind a firewall?
Next by Date: Re: Using 3com modem Independent Mode (without Windows)
Previous by thread: Re: cannot run pgps in a cgi script under apache
Next by thread: Re: cannot run pgps in a cgi script under apache
Index(es):
- Date
- Thread