phpgroupware-users
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Phpgroupware-users] Setup/configuration problem


From: Dave Hall
Subject: Re: [Phpgroupware-users] Setup/configuration problem
Date: Sat, 14 Dec 2002 10:24:25 +1100

Chris Weiss <address@hidden> wrote:

> Dave Hall (address@hidden) wrote*:
> >
> >Ok 2 things here
> >
> >Firstly the whole phpgroupware tree should be owned by
> >www-data:www-data.
> 
> This is not entirely correct, and is a configuration that I think 
> is dangerous.
> One slightly wrong piece of code and your whole phpgw tree can be 
> edited by an
> attacker, or even simply deleted.
> 
> Hm.  OK I give.
> /me goes off to make a nice simple and but thurough phpgw 
> installation and securing
> how-to.
> 

There are two ways around this.  One put your files outside of the
document root.  Also put a read only .htaccess in the top of the files
tree and disable php and any cgis in that tree.

Most people use phpgw for intranet or other known users - i know this is
not the case for all sites.  

Anyway just my 2c

Dave
> 
> 
> _______________________________________________
> Phpgroupware-users mailing list
> address@hidden
> http://mail.gnu.org/mailman/listinfo/phpgroupware-users
> 

Attachment: dave.hall.vcf
Description: Card for <dave.hall@mbox.com.au>


reply via email to

[Prev in Thread] Current Thread [Next in Thread]