Gossamer Forum

Re: Security issue : chmod 600

Hello!

I have installed a script that makes chmod 600 accessible by that script only.
I could not download it, read it, nor do anything other than delete it!!!
(User=nobody)

And that's really NOT bad at all on a shared server, even though it gives a
basic protection while using REMOTE_USER_AGENT external protection. It's worth it.

And one could encrypt it also. (perl >encrypt..)

The defs do not need any more than chmod 600 anyway :)

Also, all the files must have an internal security routine that will work together with a 600 mod file
and ask for an external password from password.pm. This means double protection,
however basic it may be.

Password.pm gives Links SQL a different chmod at different times automatically.

Moreover, the admin.cgi can also be sensitive in this way. If it takes the
IP address of the provider and uses it as an identification, that would be the first
step of security. When it finds that it's correct, then it asks for the password of the admin.
After the connection is broken, it can change itself into mod 600!!!

The remaining files inside the admin can also be driven by the admin.cgi script.
Only the admin script can access them.

Maybe this is going too far....

------------------
rajani
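
An added example, not part of the original post and not code from Links: a small shell audit that lists definition files whose mode is not exactly 600, tightens them, and reports the owning uid. The `*.def` pattern, the function names and the sample file names are assumptions made for this illustration.

```shell
#!/bin/sh
# Added illustration; the *.def pattern and all names below are assumptions.

# List every *.def file under directory $1 whose mode is not exactly 0600.
audit_defs() {
    find "$1" -type f -name '*.def' ! -perm 600 -print | sort
}

# chmod 600 each offender, then re-audit. Succeeds only if none remain.
tighten_defs() {
    audit_defs "$1" | while IFS= read -r f; do
        chmod 600 "$f"
    done
    [ -z "$(audit_defs "$1")" ]
}

# Mode 0600 limits access to the owning uid, so the owner is part of the
# check: every process running as that uid can still read the file.
owner_uid() {
    ls -ln "$1" | awk '{print $3}'
}

# Constructed sample directory: one loose .def, one tight .def, one other file.
make_sample() {
    d=$(mktemp -d) || return 1
    : > "$d/links.def";    chmod 644 "$d/links.def"
    : > "$d/category.def"; chmod 600 "$d/category.def"
    : > "$d/readme.txt";   chmod 644 "$d/readme.txt"
    printf '%s\n' "$d"
}
```

Run `audit_defs` against the directory that holds the definition files, and compare `owner_uid` with the uid the web server runs scripts as.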











Subject                                 Author    Views   Date
Thread  Security issue : chmod 600      dearnet   2326    Sep 30, 1999, 9:22 AM
Post    Re: Security issue : chmod 600  kitsune   2233    Sep 29, 1999, 9:59 PM
Post    Re: Security issue : chmod 600  Alex      2242    Sep 30, 1999, 6:34 AM
Post    Re: Security issue : chmod 600  dearnet   2245    Sep 30, 1999, 11:30 AM