Inside Attacks: Precautions with Local Users
A common mistake in CGI security is to forget local users. Although people browsing your site over the Web usually won't have access to security considerations, such as file permissions and owners, local users of your Web server do, and you must guard against these threats even more than those from the Web.
Local system security is a big subject, and almost any reference on it will give you good tips on protecting the integrity of your machine from local users. As a general rule, if your system as a whole is safe, your Web site is safe, too.
The CGI Script User
Most Web servers are installed to run CGI scripts as a special user. This is the user that owns the CGI program while it runs, and ...