re[2]: [Phpwebsite-developers] Security

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Mike:

There are two scripts. But, they both require shell access which many people =
don't have.

Yes, I did look at security.txt. Here's the relevant portion (which I quoted in =
my post):

DO IT YOURSELF:
Use this only if you know that your are doing!!!
for setup /conf needs write access
for run you need these writeable
/mod/*/docs
/mod/*/templates
/docs
/images
/.htaccess

As I mentioned, there is user, owner, and group read, write, and execute. I =
looked at the shell script and it appears that these items should be set to 777 =
(read, write, execute access for everyone). But, even though that's what the =
shell script says, that doesn't seem right to me.

Geoff

 >>  On Sun, 2003-02-16 at 12:11, Geoff Staples wrote:
 >>  > I'm concerned about the security setup and also rather frustrated.
 >>  >=20
 >>  > Anyone want to relieve my anxiety or have an idea about how to handle
 >>  > this?
 >>  >=20
 >>  > The statement in the security documentation that some files need to be
 >>  > "writable" is not very helpful. I looked at the shell script and it
 >>  > appears that what this means is 777 (read, write, and execute for
 >>  > users, owner, and groups).=20

 >>  Geoff,
 >>  There are two scrips for RC4. One is for people with root access, and
 >>  the other is for people without root access. If you can't use the root
 >>  version, make sure to keep local backups of your phpWS install. This is
 >>  a good idea anyway.

 >>  secure_phpws.sh
 >>  NONROOT_secure_phpws.sh
 >>  http://res1.stddev.appstate.edu/horde/chora/cvs.php/phpwebsite/setup

 >>  > I seem to have a number of things that aren't working on my test
 >>  > installation that I'm guessing are file permission related.
 >>  >=20
 >>  > But, without any confidence that the security is setup properly or that
 >>  > I even know how permissions should be setup is quite frustrating. The
 >>  > manual instructions state that you shouldn't do a manual security setup
 >>  > unless you know what you are doing. Well. OK. But, what are the
 >>  > settings actually supposed to be? I set the my test installation using
 >>  > the guidelines. (Don't know if it is correct because I had to guess at
 >>  > what the instructions actually meant.)

 >>  Did you look in this doc?

 >>  SECURE.txt
 >>  http://res1.stddev.appstate.edu/horde/chora/co.php/phpwebsite/docs

 >>  --=20
 >>  Mike Noyes <mhnoyes @ users.sourceforge.net>
 >>  http://sourceforge.net/users/mhnoyes/
 >>  http://leaf-project.org/  http://sitedocs.sf.net/  http://ffl.sf.net/

 >>  -------------------------------------------------------
 >>  This sf.net email is sponsored by:ThinkGeek
 >>  Welcome to geek heaven.
 >>  http://thinkgeek.com/sf
 >>  _______________________________________________
 >>  Phpwebsite-developers mailing list
 >>  Php...@li...
 >>  https://lists.sourceforge.net/lists/listinfo/phpwebsite-developers

Geoff Staples
Hostricity Web Hosting
www.Hostricity.com
214.599.0260
ge...@ho...

3883 Turtle Creek Blvd., Suite 1812
Dallas, Texas 75219