httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Roy T. Fielding" <field...@liege.ICS.UCI.EDU>
Subject Re: Change to cgi-bin/printenv
Date Thu, 05 Sep 1996 23:13:54 GMT
> print "<STRONG>User/Group Info</STRONG><BR>\n";
> print "<EM>Effective NAME/UID </EM>: ",(getpwuid($<))[0],"/$<<BR>\n";
> print "<EM>Actual NAME/UID </EM>: ",(getpwuid($>))[0],"/$><BR>\n";
> print "<EM>Effective GROUPS/GIDS </EM>: ";
> foreach $group (split(/ /,$()) {
> 	print "",((getgrgid($group))[0]),"/$group ";
> }
> print "<BR>\n";
> print "<EM>Actual GROUPS/GIDS </EM>: ";
> foreach $group (split(/ /,$))) {
> 	print "",((getgrgid($group))[0]),"/$group ";
> }
> print "<BR>\n";

What are the security implications of revealing the user and group
ids of the server by way of a semi-standard URL?

I think adding that would also require adding some sort of authentication,
in which case it would be better done as a separate script.

......Roy

Mime
View raw message