Mailing List Archive


Back to the month index Back to the list index
Alvin Oga (alvin@planet.fef.com)
Tue, 21 Jan 1997 23:07:57 -0800 (PST) 

Message-Id: <m0vmwmr-00047FC@planet>
From: alvin@planet.fef.com (Alvin Oga)
Subject: Re: [mSQL] HELP: mSQL/UNIX Security problems
Date: Tue, 21 Jan 1997 23:07:57 -0800 (PST)

Hi

I am working on something similar...( temporarily not worrying too much
about database security issues )

My questions are:
1. as WebMaster ( running apache ), I cannot create and delete database
    using the "cgi-bin/w3-sql/bin/msqladmin" executable.
        ( WebMaster is getting permission denied problems...even though
        ( the mSQL tree is writable by WebMaster group

    but as "root", it all works...

2. I'm also getting msqlInitFieldList() errors...even though i have it defined as:

        $res = msqlInitFieldList ($sock, "test", "test");
        $field = msqlListField($res);
        while( # $res > 0)
        {
            echo("Name $field[0]\n");
            $field = msqlListField($res);
        }
        
--->>> W3-mSQL Runtime Error! - Too many params in call to msqlInitFieldList()
 

planet:/usr/local/Hughes$ ls -la
drwxrwxr-x 7 msql web 1024 Jan 21 17:59 msqldb/

planet:/usr/local/Hughes$ ls -la msqldb
drwxrwx--- 2 msql web 1024 Jan 21 17:59 test/
drwxrwx--- 2 msql web 1024 Jan 21 17:59 test2/

planet:/usr/local/Hughes$ ls -la msqldb/test
-rw-rw---- 1 msql web 1809 Jan 21 20:45 test.dat
-rw-rw---- 1 msql web 468 Jan 21 17:59 test.def
-rw-rw---- 1 msql web 144 Jan 21 17:59 test.idx
-rw-rw---- 1 msql web 573468 Jan 21 20:45 test.idx-idx1
-rw-rw---- 1 msql web 4 Jan 21 17:59 test.ofl
-rw-rw---- 1 msql web 2049 Jan 21 20:45 test2.dat
-rw-rw---- 1 msql web 312 Jan 21 17:59 test2.def
-rw-rw---- 1 msql web 144 Jan 21 17:59 test2.idx
-rw-rw---- 1 msql web 573468 Jan 21 20:45 test2.idx-idx1
-rw-rw---- 1 msql web 4 Jan 21 17:59 test2.ofl

all this is on Linux-2.0.27 w/ Apache-1.2b4 w/ perl5.003 w/ mSQL-2.b3

any hints would be appreciated
alvin

> I'm working on a project involving mSQL 1.16 on a UNIX multi-user
> machine where I'm not the sysadmin.
>
> I made a db writable and readable only by me and nobody, cause the
> net surfer shall read from and some people other than me shall write into
> some tables via a web interface (of course the latters must
> authenticate first).
>
> The question: can any other user from the same UNIX group as nobody
> (or as me) read or write the tables ?
>
> Is there anybody out there who worries about security problems with mSQL/UNIX ?
> I'd like to exchange some experiences.
>
> Thanks
>
> -------------------------------------------------------
> Giancarlo Russo
> INTERFERENZA (net services, web & graphics design)
> web: http://www.interferenza.com
> e-mail: interf@interferenza.com
> tel: +39 823 492123 - cell: 0347 2453658
> home page: http://www.interferenza.com/personal/giangy
> -------------------------------------------------------
> --------------------------------------------------------------------------
> To remove yourself from the Mini SQL mailing list send a message containing
> "unsubscribe" to > "unsubscribe" to msql-list-request@bunyip.com. Send a message containing
> "info msql-list" to majordomo@bunyip.com for info on monthly archives of
> the list. For more help, mail owner-msql-list@bunyip.com NOT the msql-list!
>

--------------------------------------------------------------------------
To remove yourself from the Mini SQL mailing list send a message containing
"unsubscribe" to "unsubscribe" to msql-list-request@bunyip.com. Send a message containing
"info msql-list" to majordomo@bunyip.com for info on monthly archives of
the list. For more help, mail owner-msql-list@bunyip.com NOT the msql-list!