Menu
▾
▴
Re: [PHPiCalendar-DEV] Real admin page
|
From: Nicolas C. <nic...@gm...> - 2005-11-30 23:17:54
|
On 11/30/05, Wesley Miaw <we...@we...> wrote: > > Hi Nicolas, > > > You're right. > > The login/pass are the only secret information contained in this file, > > aren't they ? > > I would consider the calendar path, things like webcals, showing > events, showing todos, login, the tmp_dir, and all of those login > things like locked cals, etc to be secret information also. What is damaging in seeing all thoses information (I'm not talking, of course, about login) ? Calendars are access restricted, by the htaccess procedure, and everything else is just information, in a readonly (well configure) anonymous web server ... The other stuff is more cosmetic, and probably not damaging to expose. > > > What are their practical uses ? > > Entering the 'admin' page and publishing (I'm not sure, they're really > > useful in it), what else ? > > Not sure what your question is? A part of entering the admin page and publishing calendars, where the coupl= e login/pass is used, in phpicalendar ? (I'm thinking of getting rid of plaintext password, because THAT is a real security breach) Nicolas. |
