Solved

.htaccess access questions

Posted on 1997-06-04
2
177 Views
Last Modified: 2013-12-25
I have a few questions about who and what can access and do what with the .htaccess setup.
      What I want to do is have a secure section of my website (I just secured it with .htaccess so only I can log into it) where I can store private information.  But I want to let web surfers at other parts of my site submit info into a perl script and have the perl script store the information in the secure directory.  Once stuck in the directory, they shouldn't be able to gain access to it, only myself with the password should be able to do this.
      If I secure this directory with .htaccess, can I allow a perl script from outside the directory to append to a file within the directory without compromising the security of the directory and allowing unauthorized users to get ahold of the info contained there?  I could simply only give write permissions to the file, but I need to be able to access it once I enter my password and log into the secure directory. Thanks. - Tai Luxon
0
Comment
Question by:tluxon
  • 2
2 Comments
 
LVL 2

Accepted Solution

by:
mkornell earned 50 total points
ID: 1828177
The short answer is "Yes".
0
 
LVL 2

Expert Comment

by:mkornell
ID: 1828178
The long answer is:

.htaccess file specify permissions only for serving web requests.  They control whether or a user has permission to access certain files or directories, and which CGI scripts can be executed.

However, once a CGI program is executed, it has no idea of the web-level permissions.  The CGI program's access is determined the OS-level priveleges.Think of it this way: .htaccess files determine who can run a CGI program from the web.  OS-level permissions determine what that program can do once it starts running.

As long as the userid the CGI Perl script runs as (i.e. the userid the HTTP server runs as) has OS-level permission to write to that file, it can.  The Perl script can use any file in the file system that it has OS-level access to, even if the file is outside the Web directory tree.


As far as "unauthorized access" goes, do you mean via the Web?  If so, you've effectively sealed that off with the .htaccess file.

How do you read that file?  Through another Perl script?  You need to make sure that the .htaccess file in the cgi-bin directory (or wherever that Perl script is) only grants permission to you to execute the Perl script that reads the file.  (Of course, if you access it directly, as you would an html file or jpeg, you don't have to worry about this.)

--mark;
0

Featured Post

Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This tutorial will discuss the log-in process using WhizBase. In this article I assume you already know HTML. I will write the code using WhizBase Server Pages, so you need to know some basics in WBSP (you might look at some of my other articles abo…
Making a simple AJAX shopping cart Couple years ago I made my first shopping cart, I used iframe and JavaScript, it was very good at that time, there were no sessions or AJAX, I used cookies on clients machine. Today we have more advanced techno…
Learn the basics of modules and packages in Python. Every Python file is a module, ending in the suffix: .py: Modules are a collection of functions and variables.: Packages are a collection of modules.: Module functions and variables are accessed us…
In this fourth video of the Xpdf series, we discuss and demonstrate the PDFinfo utility, which retrieves the contents of a PDF's Info Dictionary, as well as some other information, including the page count. We show how to isolate the page count in a…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question