From: Oliver B. <ob...@de...> - 2005-02-28 07:41:26
|
Reini Urban <ru...@x-...> wrote: > I assume that anybody has access to the ADMIN and DSN passwords > by using the configurator url. > > How should that be solved? Kind'a bootstrapping problem. Some thoughts: 1. Use a separate password file (or http auth) to hold (at least) the admin password. 2. If the password is set, make the configurator itself password protected. Then only the time between upload and first configuration is unsafe. 3. Old configuration (edit well commented php file) - my favourite solution. Oliver |
From: Reini U. <ru...@x-...> - 2005-02-28 17:20:48
|
Oliver Betz schrieb: > Reini Urban <ru...@x-...> wrote: >>I assume that anybody has access to the ADMIN and DSN passwords >>by using the configurator url. >> >>How should that be solved? Kind'a bootstrapping problem. > > Some thoughts: > > 1. Use a separate password file (or http auth) to hold (at least) the > admin password. > > 2. If the password is set, make the configurator itself password > protected. Then only the time between upload and first configuration > is unsafe. Good. I thought of this better solution: configurator.php is unprotected on first setup only. After the successful first config.ini save step, the admin_user/passwd is known and configurator.php should be protected by quering for this pair (TODO). until no valid config.ini exists configurator.php is open to the world and anybody from outside may define his config settings. however the admin with shell access may be able to delete this foreign malware config.ini. The typical usecase is that config.ini is not writable, so the admin will have to create this file manually by copy/pasting the value of the configurator.php textarea. > 3. Old configuration (edit well commented php file) - my favourite > solution. sure :) unfortunately we have to deal with the dummy solution also now. -- Reini Urban http://xarch.tu-graz.ac.at/home/rurban http://phpwiki.org |