
                CGIWrap - Publications that Mention CGIWrap
     _________________________________________________________________

  Special Edition - Using CGI:

   Publisher:
          Que Corporation

   Excerpt (750-751):
          A better solution to the problem of deciding which user a
          script runs as when multiple people have CGI access is the
          CGIWrap program. CGIWrap, which is included on the CD that
          accompanies this book, is a simple wrapper that executes a CGI
          script as the user that owns the file instead of the user that
          the server specifies. This simple precaution leaves the script
          owner responsible for the damage it can do.

          For instance, if the user "joanne" owns a CGI script that's
          wrapped in CGIWrap, the server will execute the script as user
          "joanne." In this way, CGIWrap acts like a setuid bit but has
          the added advantage of being controlled by the Web server
          rather than the operating system. That means that anybody who
          sneaks through any security holes in the script will be limited
          to whatever "joanne" herself can do - the files she can read and
          delete, the directories she can view, and so on.

          Because CGIWrap puts CGI script authors in charge of the
          permissions for their own scripts, it can be a powerful tool
          not only to protect important files owned by others, but to
          motivate people to write secure scripts. The realization that
          only their files would be in danger can be a powerful persuader
          to script authors.

          Excerpted with permission from Special Edition Using CGI
          Copyright © 1996, Que Corporation

   Comments:
          The book is pretty good. At least in the copy I got, they say
          that CGIWrap is included on the CD, but I can't find it
          anywhere.

Other References

     * Special Edition, Using Perl for Web Programming, Ch. 9
     * Perl 5 By Example, Ch. 9
     * SD Magazine Feature - Safe CGI Scripting
     * WWW Security FAQ - CGI Scripts
     * CGI Developers Guide - Ch. 9
     * Notes on the Security of a UNIX Web Server
     * Boxed and Wrapped - Lincoln D. Stein
     * CGI FAQ
     * Maximum Security - Hackers Guide to Protecting...
