[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Phpgroupware-tracker] [support #100420] filemanager directory security
From: |
anonymous |
Subject: |
[Phpgroupware-tracker] [support #100420] filemanager directory security |
Date: |
Wed, 22 Dec 2004 23:52:13 -0500 |
User-agent: |
Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0 StumbleUpon/1.999 |
This mail is an automated notification from the support tracker
of the project: phpGroupWare.
/**************************************************************************/
[support #100420] Latest Modifications:
Changes by: Anonymous user
Date:
Wed 12/22/2004 at 23:38
------------------ Additional Follow-up Comments ----------------------------
It seems to me this works well. Using your example, you could add files you
want to be public to your directory
http://www.mysite.com/phpgroupware/files/smith and create a subdirectory called
'private' for other files you don't want to be public:
http://www.mysite.com/phpgroupware/files/smith/private. Then you can protect
that folder and have the best of both worlds. If the directory were stored
elsewhere, you wouldn't have the public option.
/**************************************************************************/
[support #100420] Full Item Snapshot:
URL: <http://savannah.gnu.org/support/?func=detailitem&item_id=100420>
Project: phpGroupWare
Submitted by: Jeff
On: Tue 02/12/2002 at 05:55
Category: Question - NOT BUG REPORT
Priority: 5 - Normal
Severity: 3 - Ordinary
Resolution: None
Privacy: Public
Assigned to: None
Originator Email:
Status: Closed
Summary: filemanager directory security
Original Submission:
Hello,
I'm not sure whether I'm confused about this, or if it
really should be this way. For example; if you have a
phpgroupware site called
http://www.mysite.com/phpgroupware and a user called
smith, then you can go to his files directly via
http://www.mysite.com/phpgroupware/files/smith without
logging in (you can turn off dir browsing in your ww
server, but if you know the filename it doesn't
matter), without any security measures at all. I know
this security "responsibility" lays with the www
server, but it seems wierd. Why are the files stored
in a directory accessible directly via the www server,
and not in any other place where you only can access
them via the filemanager module when you are actually
logged in?
Cheers,
Stefan
Follow-up Comments
------------------
-------------------------------------------------------
Date: Wed 12/22/2004 at 23:38 By: 0 <None>
It seems to me this works well. Using your example, you could add files you
want to be public to your directory
http://www.mysite.com/phpgroupware/files/smith and create a subdirectory called
'private' for other files you don't want to be public:
http://www.mysite.com/phpgroupware/files/smith/private. Then you can protect
that folder and have the best of both worlds. If the directory were stored
elsewhere, you wouldn't have the public option.
For detailed info, follow this link:
<http://savannah.gnu.org/support/?func=detailitem&item_id=100420>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Phpgroupware-tracker] [support #100420] filemanager directory security,
anonymous <=