Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

.htaccess access questions

Posted on 1997-06-04
2
Medium Priority
?
182 Views
Last Modified: 2013-12-25
I have a few questions about who and what can access and do what with the .htaccess setup.
      What I want to do is have a secure section of my website (I just secured it with .htaccess so only I can log into it) where I can store private information.  But I want to let web surfers at other parts of my site submit info into a perl script and have the perl script store the information in the secure directory.  Once stuck in the directory, they shouldn't be able to gain access to it, only myself with the password should be able to do this.
      If I secure this directory with .htaccess, can I allow a perl script from outside the directory to append to a file within the directory without compromising the security of the directory and allowing unauthorized users to get ahold of the info contained there?  I could simply only give write permissions to the file, but I need to be able to access it once I enter my password and log into the secure directory. Thanks. - Tai Luxon
0
Comment
Question by:tluxon
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
2 Comments
 
LVL 2

Accepted Solution

by:
mkornell earned 200 total points
ID: 1828177
The short answer is "Yes".
0
 
LVL 2

Expert Comment

by:mkornell
ID: 1828178
The long answer is:

.htaccess file specify permissions only for serving web requests.  They control whether or a user has permission to access certain files or directories, and which CGI scripts can be executed.

However, once a CGI program is executed, it has no idea of the web-level permissions.  The CGI program's access is determined the OS-level priveleges.Think of it this way: .htaccess files determine who can run a CGI program from the web.  OS-level permissions determine what that program can do once it starts running.

As long as the userid the CGI Perl script runs as (i.e. the userid the HTTP server runs as) has OS-level permission to write to that file, it can.  The Perl script can use any file in the file system that it has OS-level access to, even if the file is outside the Web directory tree.


As far as "unauthorized access" goes, do you mean via the Web?  If so, you've effectively sealed that off with the .htaccess file.

How do you read that file?  Through another Perl script?  You need to make sure that the .htaccess file in the cgi-bin directory (or wherever that Perl script is) only grants permission to you to execute the Perl script that reads the file.  (Of course, if you access it directly, as you would an html file or jpeg, you don't have to worry about this.)

--mark;
0

Featured Post

Enroll in September's Course of the Month

This month’s featured course covers 16 hours of training in installation, management, and deployment of VMware vSphere virtualization environments. It's free for Premium Members, Team Accounts, and Qualified Experts!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Batch, VBS, and scripts in general are incredibly useful for repetitive tasks.  Some tasks can take a while to complete and it can be annoying to check back only to discover that your script finished 5 minutes ago.  Some scripts may complete nearly …
In threads here at EE, each comment has a unique Identifier (ID). It is easy to get the full path for an ID via the right-click context menu. However, we often want to post a short link within a thread rather than the full link. This article shows a…
Learn the basics of strings in Python: declaration, operations, indices, and slicing. Strings are declared with quotations; for example: s = "string": Strings are immutable.: Strings may be concatenated or multiplied using the addition and multiplic…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question