Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: WebApp secure access to protected files/programs
Special Forums Cybersecurity WebApp secure access to protected files/programs Post 302504322 by salukibob on Monday 14th of March 2011 10:10:13 AM
Old 03-14-2011
WebApp secure access to protected files/programs
Hello,

I'm working on an embedded linux project that provides a devices that uses an IPSec VPN (using racoon) to connect back to base. The device also hosts a WebApp that allows admin users to change many aspect of the networking setup, including things like the VPN pre-shared-key, IP addresses and user passwords. This requires the WebApp to be able to access protected files such as /etc/network/interfaces, and racoons psk.txt as well as programs such as usermod.

My question is, what is the best and most secure method of accessing these protected files from the WebApp code?

The WebApp is running through lighttpd, and uses php for the server-side scripting. Currently, php code calls shell scripts (using exec() ) outside of the document-root that then access the files. The shell scripts are owned by the webapp user, and use sudo to access protected files and programs. This requires the webapp user to have permissions in the sudoers files for programs such as cp, cat, and usermod. All of which I believe make this a very insecure system. The only other choice I thought was to setuid the shell scripts.

What would be the normal method of accomplishing such things for a web application? Any advice on a secure method of doing this would be most appreciated.

Thanks very much
Rob
 

6 More Discussions You Might Find Interesting

1. Solaris

secure access using sudo

I just need to know what should be done on a login user so that no one can access it except through sudo i.e. telnet server login: user NO ACCESS telnet server login: mylogin sudo - user <any command> ACCESS GRANTED thanks (0 Replies)
Discussion started by: melanie_pfefer
0 Replies

2. UNIX for Dummies Questions & Answers

What programs access shared library file

I was curious how to tell which programs are accessing a file (libobjc.A.dylib) in /usr/lib This file seems to be the culprit in a bunch of Safari crashes, and I just wanted to know if and what other programs use it. Also, I was curious what a good way to find out what files are being written... (4 Replies)
Discussion started by: glev2005
4 Replies

3. Shell Programming and Scripting

Unzipping files <password protected>

Hie Friends, I need your help once again. I have 77 “password protected” winzip files in linux/unix server. I want to decrypt it through an automated script. Password of every file is same and it is mhd*tt. Please help me. Usually I unzip it as follows, manually one by one. unzip <file name> ... (6 Replies)
Discussion started by: anushree.a
6 Replies

4. Debian

Secure ftp access to outside chroot

I want to setup ftp on my home server running debian 5.0 I found this guide and have read it carefully. Virtual Hosting With PureFTPd And MySQL (Incl. Quota And Bandwidth Management) On Debian Lenny | HowtoForge - Linux Howtos and Tutorials Before I install/config it I want to know if its... (1 Reply)
Discussion started by: chipmunken
1 Replies

5. UNIX for Dummies Questions & Answers

How to access/run c programs on Putty?

Hi all, I wrote a couple noobie programs and had them compiled over Putty (using gcc), but I don't know what command I should use to run them. Please assume that I'm a complete noob when it comes to programming and putty commands. Thank you for your help! (1 Reply)
Discussion started by: Recycalable
1 Replies

6. Programming

Regarding the protected variables access

Hello forum, I am siva working as programmer .I was blocked with the below issue so please help any of the forum memebers. testve.h class cv { protected : struct state; state& m_state; }; testVe.cpp struct state { m_size; } the above are 2 files which have the... (3 Replies)
Discussion started by: workforsiva
3 Replies

LEARN ABOUT DEBIAN

test::www::mechanize::cgiapp

Test::WWW::Mechanize::CGIApp(3pm)			User Contributed Perl Documentation			 Test::WWW::Mechanize::CGIApp(3pm)

NAME

       Test::WWW::Mechanize::CGIApp - Test::WWW::Mechanize for CGI::Application

SYNOPSIS

	 # We're in a t/*.t test script...
	 use Test::WWW::Mechanize::CGIApp;

	 my $mech = Test::WWW::Mechanize::CGIApp->new;

	 # test a class that uses CGI::Application calling semantics.
	 # (in this case we'll new up an instance of the app and call
	 # its ->run() method)
	 #
	 $mech->app("My::WebApp");
	 $mech->get_ok("?rm=my_run_mode&arg1=1&arg2=42");

	 # test a class that uses CGI::Application::Dispatch
	 # to locate the run_mode
	 # (in this case we'll just call the ->dispatch() class method).
	 #
	 my $dispatched_mech = Test::WWW::Mechanize::CGIApp->new;
	 $dispatched_mech->app("My::DispatchApp");
	 $mech->get_ok("/WebApp/my_run_mode?arg1=1&arg2=42");

	 # create an anonymous sub that this class will use to
	 # handle the request.
	 #
	 # this could be useful if you need to do something novel
	 # after creating an instance of your class (e.g. the
	 # fiddle_with_stuff() below) or maybe you have a unique
	 # way to get the app to run.
	 #
	 my $custom_mech = Test::WWW::Mechanize::CGIApp->new;
	 $custom_mech->app(
	    sub {
	      require "My::WebApp";
	      my $app = My::WebApp->new();
	      $app->fiddle_with_stuff();
	      $app->run();
	    });
	 $mech->get_ok("?rm=my_run_mode&arg1=1&arg2=42");

	 # at this point you can play with all kinds of cool
	 # Test::WWW::Mechanize testing methods.
	 is($mech->ct, "text/html");
	 $mech->title_is("Root", "On the root page");
	 $mech->content_contains("This is the root page", "Correct content");
	 $mech->follow_link_ok({text => 'Hello'}, "Click on Hello");
	 # ... and all other Test::WWW::Mechanize methods

DESCRIPTION

       This package makes testing CGIApp based modules fast and easy.  It takes advantage of Test::WWW::Mechanize to provide functions for common
       web testing scenarios. For example:

	 $mech->get_ok( $page );
	 $mech->title_is( "Invoice Status",
			  "Make sure we're on the invoice page" );
	 $mech->content_contains( "Andy Lester", "My name somewhere" );
	 $mech->content_like( qr/(cpan|perl).org/,
			     "Link to perl.org or CPAN" );

       For applications that inherit from CGI::Application it will handle requests by creating a new instance of the class and calling its "run"
       method.	For applications that use CGI::Application::Dispatch it will call the "dispatch" class method.	If neither of these options are
       the right thing, you can set a reference to a sub that will be used to handle the request.

       This module supports cookies automatically.

       Check out Test::WWW::Mechanize for more information about all of the cool things you can test!

CONSTRUCTOR

       new

       Behaves like, and calls, Test::WWW::Mechanize's "new" method.  It optionally uses an "app" parameter (see below), any other parameters get
       passed to Test::WWW::Mechanize's constructor. Note that you can either pass the name of the CGI::Application into the constructor using the
       "app" parameter or set it later using the "app" method.

	 use Test::WWW::Mechanize::CGIApp;
	 my $mech = Test::WWW::Mechanize::CGIApp->new;

	 # or

	 my $mech = Test::WWW::Mechanize::CGIApp->new(app => 'TestApp');

METHODS

       $mech->app($app_handler)

       This method provides a mechanism for informing Test::WWW::Mechanize::CGIApp how it should go about executing your run_mode.  If you set it
       to the name of a class, then it will load the class and either create an instance and ->run() it (if it's CGI::Application based), invoke
       the ->dispatch() method if it's CGI::Application::Dispatch based, or call the supplied anonymous subroutine and let it do all of the heavy
       lifting.

SEE ALSO

       Related modules which may be of interest: Test::WWW::Mechanize, WWW::Mechanize.

       Various implementation tricks came from Test::WWW::Mechanize::Catalyst.

AUTHOR

       George Hartzell, "<hartzell@alerce.com>"

       based on Test::WWW::Mechanize::Catalyst by Leon Brocard, "<acme@astray.com>".

COPYRIGHT

       Copyright (C) 2007, George Hartzell

       This module is free software; you can redistribute it or modify it under the same terms as Perl itself.

perl v5.8.8							    2008-03-12					 Test::WWW::Mechanize::CGIApp(3pm)
All times are GMT -4. The time now is 10:27 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy