For Programmers: Free Programming Magazines  


Home > Archive > PERL CGI Beginners > March 2005 > CGI::Session file permission?









You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

 

Author CGI::Session file permission?
David Garamond

2005-03-29, 3:55 am

Am I right to think that CGI::Session::File driver is insecure? It
creates the session files with a hardcoded 0644 permission, while the
synopsis/examples tell us to store the files in "/tmp".

Regards,
dave
Steven Schubiger

2005-03-29, 8:55 pm

On 29 Mar, David Garamond wrote:

> Am I right to think that CGI::Session::File driver is insecure? It
> creates the session files with a hardcoded 0644 permission, while the
> synopsis/examples tell us to store the files in "/tmp".

You're right, the chmod mode is hard-coded.
Do we desire a patch?

--
Steven Schubiger
<steven@accognoscere.org>
Sponsored Links







Also available: Server administration forum archive | Web Design forum archive | Software forum archive | Hardware reviews archive

Copyright 2008 codecomments.com