[fpc-pascal]Login CGI

Cyril Lamy Cyril.Lamy at esial.uhp-nancy.fr
Tue Oct 16 14:54:54 CEST 2001


> If you want to have root privileges, simply make the CGI program
> setuid root.
> But don't blame me, if someone kills your system!

It is very dangerous to run a CGI script as root.
Any hole in the CGI can be an entry point to break your system.

I recently made a web interface to create Unix accounts on a server:
you have a form that requires a username and a password to create
the corresponding account.
This page is protected by a .htaccess (the server is running Apache).

When you validate the form, the CGI creates a file containing the username
and the plain password (not very secure, of course, but more secure than
running the CGI as root).
Then, every ten minutes, the cron daemon executes a program that has the
setuid bit set to root, and this program reads the file created by the CGI,
verifies the data and then creates the Unix accounts.

This method is not 100% secure, but it shows you how to avoid running a CGI
as root.
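
The "verify data" step of the privileged reader described in this message, sketched as an added example (not code from the original post or from the poster's system). It assumes a spool format of one `username:password` per line; the function names, the reserved-name list and the size and length limits are hypothetical. It only validates requests and creates no accounts.

```python
import os
import re
import stat

# Assumed spool format (the post does not specify one): "username:password" per line.
USERNAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")
RESERVED = {"root", "daemon", "bin", "sys", "nobody"}  # hypothetical deny list
MAX_SPOOL_BYTES = 64 * 1024                            # assumed upper bound


def open_spool(path, cgi_uid):
    """Open the request file without trusting the directory the CGI can write to."""
    # O_NOFOLLOW: a symlink planted at this path must not redirect a root reader.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        st = os.fstat(fd)  # check the open descriptor, not the path (avoids TOCTOU)
        if not stat.S_ISREG(st.st_mode):
            raise ValueError("spool is not a regular file")
        if st.st_uid != cgi_uid:
            raise ValueError("spool is not owned by the CGI user")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            raise ValueError("spool is group- or world-writable")
        if st.st_size > MAX_SPOOL_BYTES:
            raise ValueError("spool is too large")
    except Exception:
        os.close(fd)
        raise
    # surrogateescape turns invalid bytes into unprintable characters,
    # so a line carrying them is rejected below instead of aborting the run.
    return os.fdopen(fd, "r", encoding="utf-8", errors="surrogateescape")


def parse_requests(path, cgi_uid):
    """Return (accepted, rejected); accepted holds (username, password) tuples."""
    accepted, rejected = [], []
    with open_spool(path, cgi_uid) as fh:
        for raw in fh:
            line = raw.rstrip("\n")
            user, sep, password = line.partition(":")
            ok = (
                sep == ":"
                and USERNAME_RE.fullmatch(user) is not None  # allow-list, no shell metacharacters
                and user not in RESERVED
                and 0 < len(password) <= 128
                and password.isprintable()                   # no control characters
            )
            if ok:
                accepted.append((user, password))
            else:
                rejected.append(line)
    return accepted, rejected
```
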
