Gossamer Forum
Home : Products : Gossamer Links : Discussions :

Security Issue - Setting /Admin permissions

Quote Reply
Security Issue - Setting /Admin permissions
When I walk away from my Links SQL database for a break (where I won't be able to watch it 24/7) I'd like to issue a blanket chmod 000 to restrict access to the casual script kiddie/hacker looking for an easy in to a Links SQL site.

Which directories would it be safe to do this for? I looked in the cgi-bin/linksql/admin directory and I noticed some things that look like they may in fact be used for the operation of the program, so i wasn't sure what to do.

Thanks in advance!
Quote Reply
Re: [takacsj] Security Issue - Setting /Admin permissions In reply to
If you manage your own dedicated server, then when compromised, the damages would go much beyond LSQL. In case you are on shared hosting account, that's the responsibility of your service provider.

HyTC
Quote Reply
Re: [HyperTherm] Security Issue - Setting /Admin permissions In reply to
Thanks for the heads up. I manage three of my own dedicated servers.

In any event, perhaps I need a different approach in asking the question. Which directories and cgi scripts may I safely delete considering the only thing I appear to use is page.cgi, and jump.cgi?
Ill tar czvf the unnecessary stuff, and tar xzvf when needed.
Quote Reply
Re: [takacsj] Security Issue - Setting /Admin permissions In reply to
If you want to be completely safe for a longer iterval, chmod your admin.cgi to 644 or 600.
But this means you will no longer able to log in, into LSQL Admin interface!!!
Personally I never decreased admin.cgi permission, but I renamed to another name, so nobody could guess it.

Best regards,
Webmaster33


Paid Support
from Webmaster33. Expert in Perl programming & Gossamer Threads applications. (click here for prices)
Webmaster33's products (upd.2004.09.26) | Private message | Contact me | Was my post helpful? Donate my help...