Page 1 of 1

Security Issue with Webinator

Posted: Wed Mar 14, 2001 2:08 pm
by komara
I have asked my system administrator to install the Webinator so we can test it to see if we want to buy it.
He's come back with some concerns. Wonder if anyone can address them.

Can the executable files be placed outside htdocs tree?

Can "gw" have a different owner?

Thanks,

Kate O'Mara

Security Issue with Webinator

Posted: Wed Mar 14, 2001 2:28 pm
by John
Yes, the executables can be placed outside the htdocs tree. The script file (search) and the various gifs need to be in the htdocs tree, and the texis executable needs to be in a CGI directory.

gw and texis can (and should) be setuid the same user under Unix, so they run as the same user. That user can be one that you create specifically for that purpose.

The default install is the htdocs tree as most users have permission there, and the .htaccess file will prevent undesired access with webservers that respect them.