Security Issue with Webinator

Post Reply
komara
Posts: 1
Joined: Wed Mar 14, 2001 2:05 pm

Security Issue with Webinator

Post by komara »

I have asked my system administrator to install the Webinator so we can test it to see if we want to buy it.
He's come back with some concerns. Wonder if anyone can address them.

Can the executable files be placed outside htdocs tree?

Can "gw" have a different owner?

Thanks,

Kate O'Mara
User avatar
John
Site Admin
Posts: 2597
Joined: Mon Apr 24, 2000 3:18 pm
Location: Cleveland, OH
Contact:

Security Issue with Webinator

Post by John »

Yes, the executables can be placed outside the htdocs tree. The script file (search) and the various gifs need to be in the htdocs tree, and the texis executable needs to be in a CGI directory.

gw and texis can (and should) be setuid the same user under Unix, so they run as the same user. That user can be one that you create specifically for that purpose.

The default install is the htdocs tree as most users have permission there, and the .htaccess file will prevent undesired access with webservers that respect them.
John Turnbull
Thunderstone Software
Post Reply