
Authenticated Remote Updates

Suppose my friend Fred has a Web site that has grown too big for him to handle by himself. So he gets his buddy Barney to create some of the HTML and draw up a few of the images. How can Barney edit the files on Fred’s hard drive, especially if Barney is on the wrong side of some corporate firewall? Well, Fred could create a CGI script to upload the files into the right place. However, then the script runs as the Web user and not as Fred. This would require Fred to mess with wide-open permissions (or setuid wrappers) and either HTTPS authentication or (worse) repeatedly sending the update password over the wire during Basic Authentication handshaking.

So Fred takes a different route. He’s running procmail, so he can set up an action based on a specific mail header to cause the content of the message to be dropped into the right place. But what if the content is an image? And what if someone else finds out about that header and fakes a message from Barney?

Well, sticking with the mail route, all we really need is a way to verify that Barney is really the sender and that an arbitrary binary file can get through. It would also be nice if it were encrypted so that no one in the middle can see the secret stuff.

It’s nice that the RSA public-key encryption patent recently expired, because I can now recommend (without fear…
