---------- Forwarded message ----------
Date: Wed, 13 Feb 2002 09:05:34 +0900
From: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [9fans] CGI

Hello 9fans,

I am now considering the CGI environment of a Web server.

Let A be a CGI program that is owned by user alice,
and assume the program needs to read from file B,
which must be protected from access by other users.
That is, the permission mode is required to be
-r--r----- 16 alice alice  .... B

Then how can we design a Web server on Plan9?

In the case of UNIX, this problem may be solved using SETUID, or
more safely solved using a CGI wrapper.

Plan9 does not have such an easy way for `none' to become `alice'.
Authentication must be required.

Public key cryptography may be applied.
Let the Web server start in server mode; then httpd can read the secret
key that is in a file owned by bootes with 400 permission.
User alice encrypts her password using the public key and puts it somewhere.
In executing A, httpd decrypts her key and then becomes `alice'.

I am afraid this scheme gives too many rights to httpd.
We need only that a given CGI can read a given file.

Do you have other solutions?

Kenji Arisawa
E-mail: [EMAIL PROTECTED]
