Solved

.htaccess access questions

Posted on 1997-06-04
Last Modified: 2013-12-25
I have a few questions about who and what can access and do what with the .htaccess setup.
What I want to do is have a secure section of my website (I just secured it with .htaccess so only I can log into it) where I can store private information. But I want to let web surfers at other parts of my site submit info into a Perl script and have the Perl script store the information in the secure directory. Once stuck in the directory, they shouldn't be able to gain access to it; only myself with the password should be able to do this.
If I secure this directory with .htaccess, can I allow a Perl script from outside the directory to append to a file within the directory without compromising the security of the directory and allowing unauthorized users to get ahold of the info contained there? I could simply only give write permissions to the file, but I need to be able to access it once I enter my password and log into the secure directory. Thanks. - Tai Luxon
Question by:tluxon
Accepted Solution

by:
mkornell earned 50 total points
ID: 1828177
The short answer is "Yes".

Expert Comment

by:mkornell
ID: 1828178
The long answer is:

.htaccess files specify permissions only for serving web requests.  They control whether or not a user has permission to access certain files or directories, and which CGI scripts can be executed.

However, once a CGI program is executed, it has no idea of the web-level permissions.  The CGI program's access is determined by the OS-level privileges.  Think of it this way: .htaccess files determine who can run a CGI program from the web.  OS-level permissions determine what that program can do once it starts running.

As long as the userid the CGI Perl script runs as (i.e. the userid the HTTP server runs as) has OS-level permission to write to that file, it can.  The Perl script can use any file in the file system that it has OS-level access to, even if the file is outside the Web directory tree.


As far as "unauthorized access" goes, do you mean via the Web?  If so, you've effectively sealed that off with the .htaccess file.

How do you read that file?  Through another Perl script?  You need to make sure that the .htaccess file in the cgi-bin directory (or wherever that Perl script is) only grants permission to you to execute the Perl script that reads the file.  (Of course, if you access it directly, as you would an html file or jpeg, you don't have to worry about this.)

--mark;
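
An added example, not part of mkornell's answer: a collector CGI script of the kind discussed above, placed outside the password-protected directory and appending into it with the web server account's OS-level permissions. The storage path, the form field names `name` and `message`, and the use of the CGI.pm module are assumptions.

```perl
#!/usr/bin/perl -T
# Added example. This script lives OUTSIDE the protected directory and writes
# INTO it; .htaccess is never consulted for this write, only OS permissions.
# Assumed: private/.htaccess holds AuthType Basic, AuthUserFile <path>,
# Require valid-user, so HTTP requests for the data file need the password.
use strict;
use warnings;
use CGI ();
use Fcntl qw(:flock O_WRONLY O_APPEND O_CREAT);

# Assumed location of the data file inside the protected directory.
my $STORE = '/home/example/public_html/private/submissions.txt';

# Reduce one form field to a single printable line of bounded length.
sub clean_field {
    my ($value, $max) = @_;
    $value = '' unless defined $value;
    $value =~ s/[\r\n\t]+/ /g;      # no embedded record or field separators
    $value =~ s/[^\x20-\x7E]//g;    # printable ASCII only
    return substr($value, 0, $max);
}

# Append one record under an exclusive lock so that concurrent requests
# cannot interleave their writes. Returns true on success.
sub append_record {
    my ($path, @fields) = @_;
    umask 0077;                     # a newly created file is owner-only
    sysopen(my $fh, $path, O_WRONLY | O_APPEND | O_CREAT, 0600)
        or return 0;
    flock($fh, LOCK_EX) or return 0;
    print {$fh} join("\t", scalar(gmtime), @fields), "\n";
    return close($fh);
}

my $q  = CGI->new;
my $ok = append_record(
    $STORE,
    clean_field(scalar $q->param('name'),    80),
    clean_field(scalar $q->param('message'), 1000),
);

# The response never echoes stored data or the storage path.
print $q->header(-type   => 'text/plain',
                 -status => $ok ? '200 OK' : '500 Internal Server Error');
print $ok ? "Thank you, your submission was recorded.\n"
          : "Sorry, the submission could not be stored.\n";
```

Mode 0600 here assumes the file is owned by the account the HTTP server runs as, which is the same account that serves it back once the password is entered; the script itself opens the file write-only and has no code path that reads it.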