----- Original Message -----
From: Jon Brisbin <brisbin@ipa.net>
To: Jack Cushman <jcushman@davanita.com>; <embperl@perl.apache.com>
Sent: Tuesday, August 01, 2000 11:55 AM
Subject: Re: persistent problem: FIXED...well sorta
> > What permissions are on that [/usr/www/jbrisbin/httpd/cgi-bin/tmp]
> directory?
>
> 700
>
> > anybody, I think. Should we assume that people with telnet accounts may
be
> > malicious?
>
> on this particular machine, i'm in my own group, so no other users have
> access to my files...and i don't provide any telnet access for my
> setup...others, of course, will be different ;-)
>
> my machines at work would be a problem, for example, because our setup is
a
> little different...for one thing, we don't have a dedicated /cgi-bin
> alias...we execute scripts everywhere. i also allow indexes for
debugging,
> etc.. purposes. we also run the server as nobody, so the sessions files
> would be vulnerable to mailcious attacks through a web browser, but not
> through telnet accounts because those folks are all in their own groups...
>
> i'm going to try and run the mysql session stuff on our linux boxes at
work
> and see what happens...if i can do it that way..that's prefereable to the
> file-based stuff...which i was using in Apache::ASP and CGI::Persistent...
>
> jb
>
>
From: Jon Brisbin <brisbin@ipa.net>
To: Jack Cushman <jcushman@davanita.com>; <embperl@perl.apache.com>
Sent: Tuesday, August 01, 2000 11:55 AM
Subject: Re: persistent problem: FIXED...well sorta
> > What permissions are on that [/usr/www/jbrisbin/httpd/cgi-bin/tmp]
> directory?
>
> 700
>
> > anybody, I think. Should we assume that people with telnet accounts may
be
> > malicious?
>
> on this particular machine, i'm in my own group, so no other users have
> access to my files...and i don't provide any telnet access for my
> setup...others, of course, will be different ;-)
>
> my machines at work would be a problem, for example, because our setup is
a
> little different...for one thing, we don't have a dedicated /cgi-bin
> alias...we execute scripts everywhere. i also allow indexes for
debugging,
> etc.. purposes. we also run the server as nobody, so the sessions files
> would be vulnerable to mailcious attacks through a web browser, but not
> through telnet accounts because those folks are all in their own groups...
>
> i'm going to try and run the mysql session stuff on our linux boxes at
work
> and see what happens...if i can do it that way..that's prefereable to the
> file-based stuff...which i was using in Apache::ASP and CGI::Persistent...
>
> jb
>
>