OpenVMS with Apache, OSU, and WASD

Chapter 19: User-Developed CGI Scripts

Overview

Some of your users may need or want to develop their own scripts, or to play with downloaded scripts without risking the security of your entire system. There are a couple of reasonable choices. It's not a good idea to let them run IIS (or Personal Web Services, or whatever else it's being called today) on their desktop machines, since that opens many windows of vulnerability that can result in bigger problems later (the Nimda worm, among others).

You could run a separate sandbox machine for them. (If you have a Galaxy system, you could run a separate Galaxy instance for them, but this seems like an unlikely circumstance.)

You could make them e-mail you the scripts for uploading, and you could eyeball them and make sure they were completely okay. The problems with this option are obvious (and include you not having all the time in the world).

You can set up separate CGI-BIN directories that individual users have rights to upload files into. They had better be trusted users, because their scripts will run with the same rights the Web server has. (And that might mean users' scripts could update databases or change files that they don't have rights to change as individuals.)

Here are the realistic options. You could have a separate instance of the Web server that runs under a different user name with lesser privileges and allow users to upload their CGIs into a different CGI-BIN directory. This could work reasonably well, although if...

UNLIMITED FREE
ACCESS
TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Category: Web Hosting Services
Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.