Gossamer Forum
Home : Products : DBMan : Installation :

"/cgi-bin" is symlinked how to prevent unauthorized access

Quote Reply
"/cgi-bin" is symlinked how to prevent unauthorized access
Dear DBMan support,

I have a version of DBMan installed in a public directory and running with the user-friendly mod and many form modifications inserted by hand, renamed the default files to specific names. All is well with execution, multiple userid's and passwords. The goal is to gather membership information from new users who log-in with a guest user name and guess password.

Now I wish to secure the password file, cfg, and authorization files from unauthorized access or copy. My ISP host will not allow building DBMan in their cgi-bin directory and naming my own cgi-bin is disallowed because cgi-bin is symlinked to the system directory of same name. README says I could hide the sensitive files (like password file) from unauthorized access by renaming ( security through obfuscation). Here are some questions.

1) I'm told my ISP system /cgi-bin directory has 755 permissions, so what is the use of concealing a password file in a /cgi-bin directory with 755 permissions?
2) Using the obfuscation approach I could locate all the script files in a directory seperate from db.cgi, rename the sensitive files and hope for the best?
3) How can my DBMan program allow public access log-in and still prevent the database from unauthorized copy?

I have not yet installed the change_password() mod with this version, want to get the baseline demo working first. Thanks for guidance. -Les
Subject Author Views Date
Thread "/cgi-bin" is symlinked how to prevent unauthorized access lmiklosy 13478 Sep 19, 2010, 8:40 PM
Thread Re: [lmiklosy] "/cgi-bin" is symlinked how to prevent unauthorized access
LoisC 12691 Sep 21, 2010, 10:16 AM
Thread Re: [LoisC] "/cgi-bin" is symlinked how to prevent unauthorized access
lmiklosy 12691 Sep 21, 2010, 1:02 PM
Thread Re: [lmiklosy] "/cgi-bin" is symlinked how to prevent unauthorized access
LoisC 12662 Sep 22, 2010, 4:25 PM
Post Re: [LoisC] "/cgi-bin" is symlinked how to prevent unauthorized access
lmiklosy 12616 Sep 22, 2010, 7:38 PM