Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. ModPerl>
  3. ModPerl
Free Embperl Web Space?
wangshui at nyist
Feb 24, 2000, 8:23 AM
Post #1 of 4 (1305 views)
Permalink
Hello everyone!
I consider mod_perl and embperl, mason, etc, are of
great value. but, if i host a site and want to give
away 'free embperl space' to my users, how could i
ensure that one user can not peek into another user's
code (with database password like things in it)?
for example:with apache httpd runs as
user 'nobody:nobody', all users' script will also
inherit this user id, so it can peek whatever the
apache httpd can. am i right?

because i'm not in the list, so please cc to
wangshui@nyist.net

Thanks a lot!
wangshui
RE: Free Embperl Web Space? [ In reply to ]
cgilmore at research
Feb 24, 2000, 9:33 AM
Post #2 of 4 (1264 views)
Permalink
You're right that (assuming you've not hacked around at things) anything that
can be read by the user running the web server can be used in any user's
EmbPerl document.

I don't think you can have walls around users' content without running a
separate virtual host for each user that has that host running as that user.
This requires hacking at suexec. We've done it here, but not with integration
of EmbPerl. It should work, though.

Regards,
Christian

> -----Original Message-----
> From: wangshui@nyist.net [mailto:wangshui@nyist.net]
> Sent: Thursday, February 24, 2000 10:24 AM
> To: modperl@apache.org
> Subject: Free Embperl Web Space?
>
>
> Hello everyone!
> I consider mod_perl and embperl, mason, etc, are of
> great value. but, if i host a site and want to give
> away 'free embperl space' to my users, how could i
> ensure that one user can not peek into another user's
> code (with database password like things in it)?
> for example:with apache httpd runs as
> user 'nobody:nobody', all users' script will also
> inherit this user id, so it can peek whatever the
> apache httpd can. am i right?
>
> because i'm not in the list, so please cc to
> wangshui@nyist.net
>
> Thanks a lot!
> wangshui
>
Re: Free Embperl Web Space? [ In reply to ]
sbekman at iname
Feb 24, 2000, 10:41 AM
Post #3 of 4 (1261 views)
Permalink
> Hello everyone!
> I consider mod_perl and embperl, mason, etc, are of
> great value. but, if i host a site and want to give
> away 'free embperl space' to my users, how could i
> ensure that one user can not peek into another user's
> code (with database password like things in it)?
> for example:with apache httpd runs as
> user 'nobody:nobody', all users' script will also
> inherit this user id, so it can peek whatever the
> apache httpd can. am i right?
>
> because i'm not in the list, so please cc to
> wangshui@nyist.net

Does this help?
http://perl.apache.org/guide/multiuser.html


_______________________________________________________________________
Stas Bekman mailto:sbekman@iname.com http://www.stason.org/stas
Perl,CGI,Apache,Linux,Web,Java,PC http://www.stason.org/stas/TULARC
perl.apache.org modperl.sourcegarden.org perlmonth.com perl.org
single o-> + single o-+ = singlesheaven http://www.singlesheaven.com
RE: Free Embperl Web Space? [ In reply to ]
richter at ecos
Feb 24, 2000, 12:19 PM
Post #4 of 4 (1241 views)
Permalink
> I don't think you can have walls around users' content without running a
> separate virtual host for each user that has that host running as
> that user.
> This requires hacking at suexec. We've done it here, but not with
> integration
> of EmbPerl. It should work, though.
>
This will only work with CGI scripts, but not under mod_perl

Gerald

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal