WebApp Sec mailing list archives
Re: htaccess with apache
From: Lucas Holt <luke () foolishgames com>
Date: Tue, 4 Nov 2003 16:44:02 -0500
How is it possible to read the files secured with mod_access with a cgi script?
The webserver in most setups starts a "fresh" copy of the CGI program. Basically it runs a separate program. mod_access is an apache module and only affects the apache program and not any programs that apache might start.
I would recommend changing programs or filtering out special characters as other have suggested. Also look into running apache as a separate user. Don't run it as root or nobody.
Lucas Holt Luke () FoolishGames com ________________________________________________________ FoolishGames.com (Jewel Fan Site) JustJournal.com (Free blogging)"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
- Albert Einstein (1879-1955)
Current thread:
- Re: htaccess with apache, (continued)
- Re: htaccess with apache António Vasconcelos (Nov 05)
- Re: htaccess with apache Tim Greer (Nov 05)
- Re: htaccess with apache António Vasconcelos (Nov 06)
- Re: htaccess with apache Tim Greer (Nov 06)
- Re: htaccess with apache António Vasconcelos (Nov 11)
- Re: htaccess with apache Tim Greer (Nov 11)
- Re: htaccess with apache Tim Greer (Nov 11)
- RE: htaccess with apache Tim Greer (Nov 05)
- RE: htaccess with apache Dinis Cruz (Nov 11)
- RE: htaccess with apache Tim Greer (Nov 11)