.htaccess access questions

I have a few questions about who and what can access and do what with the .htaccess setup.
What I want to do is have a secure section of my website (I just secured it with .htaccess so only I can log into it) where I can store private information. But I want to let web surfers at other parts of my site submit info into a Perl script and have the Perl script store the information in the secure directory. Once stuck in the directory, they shouldn't be able to gain access to it, only myself with the password should be able to do this.
If I secure this directory with .htaccess, can I allow a Perl script from outside the directory to append to a file within the directory without compromising the security of the directory and allowing unauthorized users to get ahold of the info contained there? I could simply only give write permissions to the file, but I need to be able to access it once I enter my password and log into the secure directory. Thanks. - Tai Luxon
tluxon Asked:
mkornell Commented:
The short answer is "Yes".
mkornell Commented:
The long answer is:

.htaccess files specify permissions only for serving web requests.  They control whether or not a user has permission to access certain files or directories, and which CGI scripts can be executed.

However, once a CGI program is executed, it has no idea of the web-level permissions.  The CGI program's access is determined by the OS-level privileges. Think of it this way: .htaccess files determine who can run a CGI program from the web.  OS-level permissions determine what that program can do once it starts running.

As long as the userid the CGI Perl script runs as (i.e. the userid the HTTP server runs as) has OS-level permission to write to that file, it can.  The Perl script can use any file in the file system that it has OS-level access to, even if the file is outside the Web directory tree.


As far as "unauthorized access" goes, do you mean via the Web?  If so, you've effectively sealed that off with the .htaccess file.

How do you read that file?  Through another Perl script?  You need to make sure that the .htaccess file in the cgi-bin directory (or wherever that Perl script is) only grants permission to you to execute the Perl script that reads the file.  (Of course, if you access it directly, as you would an html file or jpeg, you don't have to worry about this.)

--mark;
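
The setup discussed above, as an added example that is not part of the original thread: a public Perl CGI script that appends visitor submissions to a file inside the .htaccess-protected directory and never reads it back. The path, the form field names `name` and `comment`, and the helper names are assumptions; the file is assumed to be owned by the userid the HTTP server runs as.

```perl
#!/usr/bin/perl
# Added example: public CGI form handler that appends to a file inside the
# .htaccess-protected directory. Path and field names are hypothetical.
use strict;
use warnings;
use CGI ();
use Fcntl qw(:flock O_WRONLY O_APPEND O_CREAT);

# Assumed location: a file inside the password-protected directory.
my $STORE = '/home/site/htdocs/secure/submissions.txt';

# Turn one submission into a single tab-separated line. Control characters
# (including newlines and tabs) are replaced so a visitor cannot forge
# extra records, and each field is length-limited.
sub format_record {
    my (%field) = @_;
    my @out;
    for my $name (sort keys %field) {
        my $value = defined $field{$name} ? $field{$name} : '';
        $value =~ s/[\x00-\x1f\x7f]/ /g;
        push @out, "$name=" . substr($value, 0, 500);
    }
    return join("\t", scalar(gmtime), @out) . "\n";
}

# Append under an exclusive lock; the script never reads the file back.
sub append_record {
    my ($path, $line) = @_;
    umask 0077;   # a newly created file is accessible only by its owner
    sysopen(my $fh, $path, O_WRONLY | O_APPEND | O_CREAT, 0600)
        or die "cannot open store: $!";
    flock($fh, LOCK_EX) or die "cannot lock store: $!";
    print {$fh} $line   or die "cannot write store: $!";
    close($fh)          or die "cannot close store: $!";
}

my $q = CGI->new;
append_record($STORE, format_record(
    name    => scalar $q->param('name'),
    comment => scalar $q->param('comment'),
));
# Respond without echoing the stored data or the file path.
print $q->header('text/plain'), "Thank you, your submission was recorded.\n";
```

Because the file is owned by the HTTP server's userid with mode 0600, the server can still serve it to the password holder through the protected directory, while other local accounts on the host cannot read it.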