We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you a podcast all about Citrix Workspace, moving to the cloud, and analytics & intelligence. Episode 2 coming soon!Listen Now

x

.htaccess access questions

tluxon
tluxon asked
on
Medium Priority
199 Views
Last Modified: 2013-12-25
I have a few questions about who and what can access and do what with the .htaccess setup.
      What I want to do is have a secure section of my website (I just secured it with .htaccess so only I can log into it) where I can store private information.  But I want to let web surfers at other parts of my site submit info into a perl script and have the perl script store the information in the secure directory.  Once stuck in the directory, they shouldn't be able to gain access to it, only myself with the password should be able to do this.
      If I secure this directory with .htaccess, can I allow a perl script from outside the directory to append to a file within the directory without compromising the security of the directory and allowing unauthorized users to get ahold of the info contained there?  I could simply only give write permissions to the file, but I need to be able to access it once I enter my password and log into the secure directory. Thanks. - Tai Luxon
Comment
Watch Question

Commented:
The short answer is "Yes".

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts

Commented:
The long answer is:

.htaccess file specify permissions only for serving web requests.  They control whether or a user has permission to access certain files or directories, and which CGI scripts can be executed.

However, once a CGI program is executed, it has no idea of the web-level permissions.  The CGI program's access is determined the OS-level priveleges.Think of it this way: .htaccess files determine who can run a CGI program from the web.  OS-level permissions determine what that program can do once it starts running.

As long as the userid the CGI Perl script runs as (i.e. the userid the HTTP server runs as) has OS-level permission to write to that file, it can.  The Perl script can use any file in the file system that it has OS-level access to, even if the file is outside the Web directory tree.


As far as "unauthorized access" goes, do you mean via the Web?  If so, you've effectively sealed that off with the .htaccess file.

How do you read that file?  Through another Perl script?  You need to make sure that the .htaccess file in the cgi-bin directory (or wherever that Perl script is) only grants permission to you to execute the Perl script that reads the file.  (Of course, if you access it directly, as you would an html file or jpeg, you don't have to worry about this.)

--mark;
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.