
                CGIWrap - Publications that Mention CGIWrap
     _________________________________________________________________

  Special Edition - Using CGI:

   Publisher:
          Que Corporation

   Excerpt (750-751):
          A better solution to the problem of deciding which user a
          script runs as when multiple people have CGI access is the
          CGIWrap program. CGIWrap, which is included on the CD that
          accompanies this book, is a simple wrapper that executes a CGI
          script as the user that owns the file instead of the user that
          the server specifies. This simple precaution leaves the script
          owner responsible for the damage it can do.

          For instance, if the user "joanne" owns a CGI script that's
          wrapped in CGIWrap, the server will execute the script as user
          "joanne." In this way, CGIWrap acts like a setuid bit but has
          the added advantage of being controlled by the Web server
          rather than the operating system. That means that anybody who
          sneaks through any security holes in the script will be limited
          to whatever "joanne" herself can do - the files she can read and
          delete, the directories she can view, and so on.

          Because CGIWrap puts CGI script authors in charge of the
          permissions for their own scripts, it can be a powerful tool
          not only to protect important files owned by others, but to
          motivate people to write secure scripts. The realization that
          only their files would be in danger can be a powerful persuader
          to script authors.

          Excerpted with permission from Special Edition Using CGI
          Copyright 1996, Que Corporation

   Comments:
          The book is pretty good. At least in the copy I got, they say
          that CGIWrap is included on the CD, but I can't find it
          anywhere.

Other References

     * Special Edition, Using Perl for Web Programming, Ch. 9
     * Perl 5 By Example, Ch 9.
     * SD Magazine Feature - Safe CGI Scripting
     * WWW Security FAQ - CGI Scripts
     * CGI Developers Guide - Ch. 9
     * Notes on the Security of a UNIX Web Server
     * Boxed and Wrapped - Lincoln D. Stein
     * CGI FAQ
     * Maximum Security - Hackers Guide to Protecting...
