It seems that when running a Web Edition CGI on a computer, the application has full access to the whole computer. Is there any way to restrict access from a CGI to ‘see’ only from its directory down?
Depends on the OS. On a Mac (I think you are using) you have to create another user account and then essentially give it no access outside it’s home directory /Users/Username. This is very similar in Linux but chroot’s give you more flexibility. WE apps can also steal all the processing power of the box.
You can change the user / group on OS X using terminal if you really need to
Same as linux in that regard
You can use ACL’s to restrict things as well
Thank you Phillip and Norman.