[Phpwebsite-developers] Security

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

I'm concerned about the security setup and also rather frustrated.

Anyone want to relieve my anxiety or have an idea about how to handle this?

The statement in the security documentation that some files need to be =
"writable" is not very helpful. I looked at the shell script and it appears =
that what this means is 777 (read, write, and execute for users, owner, and =
groups).=20

I seem to have a number of things that aren't working on my test installation =
that I'm guessing are file permission related.

But, without any confidence that the security is setup properly or that I even =
know how permissions should be setup is quite frustrating. The manul =
instructions state that you shouldn't do a manual security setup unless you =
know what you are doing. Well. OK. But, what are the settings actually supposed =
to be? I set the my test installation using the guidlines. (Don't know if it is =
correct because I had to guess at what the instructions actually meant.)

For those who are concerned with the usability and security of phpWebSite, I =
suggest that you go through and do a manual security setup on the files and =
directories to see just how long it takes and how error prone it can be.

I'm also concerned about setting something wrong in the process of doing an =
update or other maintenance and leaving a security hole.

phpWebSite is going to suffer in popularity if there is not a clear, easy, and =
quick way to set security and to verify that it is set correctly - especially =
given the large number of files and directories distributed across the system =
that need different settings.

Many web hosts do not allow shell access, so, the scripts provided are useless =
to many.

Geoff

Geoff Staples
Hostricity Web Hosting
www.Hostricity.com
214.599.0260
ge...@ho...

3883 Turtle Creek Blvd., Suite 1812
Dallas, Texas 75219