WebApp Sec mailing list archives

Re: htaccess with apache

From: Lucas Holt <luke () foolishgames com>
Date: Tue, 4 Nov 2003 16:44:02 -0500

How is it possible to read the files secured with mod_access
with a cgi script?

The webserver in most setups starts a "fresh" copy of the CGI program.Basically it runs a separate program. mod_access is an apache moduleand only affects the apache program and not any programs that apachemight start.

I would recommend changing programs or filtering out special charactersas other have suggested. Also look into running apache as a separateuser. Don't run it as root or nobody.




Lucas Holt
Luke () FoolishGames com
________________________________________________________
FoolishGames.com  (Jewel Fan Site)
JustJournal.com (Free blogging)

"Only two things are infinite, the universe and human stupidity, andI'm not sure about the former."

- Albert Einstein (1879-1955)

Current thread:

Re: htaccess with apache, (continued)
- - - Re: htaccess with apache António Vasconcelos (Nov 05)
    - Re: htaccess with apache Tim Greer (Nov 05)
    - Re: htaccess with apache António Vasconcelos (Nov 06)
    - Re: htaccess with apache Tim Greer (Nov 06)
    - Re: htaccess with apache António Vasconcelos (Nov 11)
    - Re: htaccess with apache Tim Greer (Nov 11)
    - Re: htaccess with apache Tim Greer (Nov 11)
- Re: htaccess with apache Vladimir Danilyuk (Nov 04)
- Re: htaccess with apache Tim Greer (Nov 04)
- Re: htaccess with apache Peter Conrad (Nov 04)
- Re: htaccess with apache Lucas Holt (Nov 04)
- Re: htaccess with apache Cameron Green (Nov 04)
- RE: htaccess with apache Anonymous Sender (Nov 04)
- RE: htaccess with apache Maxim Kostioukov (Nov 04)
- RE: htaccess with apache MTeixeira (Nov 05)
  - RE: htaccess with apache Tim Greer (Nov 05)
  - RE: htaccess with apache Dinis Cruz (Nov 11)
    - RE: htaccess with apache Tim Greer (Nov 11)