From: Olivier D. <dr...@sh...> - 2002-02-14 13:15:19
I'm no security expert, and I'd like to ask everyone here their opinion on a certain security issue: World r/w directories and files. Is this an issue when it comes to www and httpd security?

For example, the wwwboard has a directory (messages/) that is world r/w, as well as several files like data.txt, password.txt and wwwboard.html, and I feel concerned about having those files accessible by web browsers and other programs through my httpd.

While it is impossible to remedy such permissions on these files and directories, unless using a database such as mysql or postgres (which isn't an option for this project to keep compatibility with MWS), would such measures as:

- disabling r/w access to others but making sure the files are r/w to group and set the group to www-data (or whatever the httpd is running as)
- putting all possible world r/w files below the document root (or above, depending how you see this)

My idea is *not* to make this the standard, but maybe include an optional security section in the README that deals with this, if of course this is a security issue.

Ideas? Suggestions?

-Olivier

--
+----------------------------------------------+
| Olivier Dragon                   dr...@sh... |
| Software Engineering II, McMaster University |
+----------------------------------------------+
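
The two measures proposed in the message above, sketched as an added shell example (not part of the original post or of wwwboard). The function names are illustrative, and the directory, the httpd group and the document root are assumptions supplied by the caller.

```shell
#!/bin/sh
# Added example, not wwwboard code. All paths and the group are caller-supplied.

# Print files and directories under $1 that "other" can read or write.
list_world_rw() {
    find "$1" \( -type f -o -type d \) \( -perm -0004 -o -perm -0002 \) -print
}

# First measure: hand the tree to the httpd group and drop all "other" access.
# $1 = directory, $2 = group the httpd runs as (e.g. www-data; site-specific).
tighten_for_httpd() {
    chgrp -R "$2" "$1" || return 1
    # g+rwX: group read/write, plus search permission on directories.
    # o-rwx: no access at all for users outside owner and group.
    chmod -R g+rwX,o-rwx "$1" || return 1
    # Report failure if anything is still reachable by "other".
    [ -z "$(list_world_rw "$1")" ]
}

# Second measure: succeed only if directory $1 lies outside document root $2.
# Returns 0 = outside, 1 = inside (httpd can serve it), 2 = path not usable.
outside_docroot() {
    target=$(cd "$1" 2>/dev/null && pwd -P) || return 2
    root=$(cd "$2" 2>/dev/null && pwd -P) || return 2
    case "$target/" in
        "$root"/*) return 1 ;;
        *)         return 0 ;;
    esac
}
```
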