NAME
    Karma - Security Guide

Introduction
    Karma has been designed with security in mind, from both the OS
    perspective and the database perspective. If you find any
    security related problems or bugs, please be sure to email them
    to me.

Database Security
    I've created associated scripts in the "sql" directory to
    provide a way to easily create a user for running karma. Notice
    that the user is created with "SELECT ANY TABLE" privilages.
    This will prevent karma from being able to modify anything in
    your database. Though it does not make any such attempt, this
    provides peace of mind.

OS Level Security
    Karma does not run as a cgi script, and things are done that way
    for a number of reasons. For one, it protects the database from
    many iterations of a cgi script which could potentially impact
    performance. For another it virtually eliminates cgi-bin related
    security issues. The html pages which are ultimately loaded into
    a browser are prebuilt, and static for each iteration until
    karma wakes up again, and refreshes them.

