From: Michael D. <mde...@in...> - 2002-03-02 00:34:45
I haven't installed PWS yet, but was trying to find some docs that might address installation with security in mind.

Also, as I understand it, having register_globals on isn't the most secure thing to do. Any comments?

And, I would suppose trying to use php's safe_mode won't work.

Just any pointers would be appreciated.

Thanks,
MD

From: Geoff S. <ge...@ho...> - 2003-02-16 20:12:00
I'm concerned about the security setup and also rather frustrated.

Anyone want to relieve my anxiety or have an idea about how to handle this?

The statement in the security documentation that some files need to be "writable" is not very helpful. I looked at the shell script and it appears that what this means is 777 (read, write, and execute for users, owner, and groups).

I seem to have a number of things that aren't working on my test installation that I'm guessing are file permission related.

But, without any confidence that the security is set up properly or that I even know how permissions should be set up is quite frustrating. The manual instructions state that you shouldn't do a manual security setup unless you know what you are doing. Well. OK. But, what are the settings actually supposed to be? I set my test installation using the guidelines. (Don't know if it is correct because I had to guess at what the instructions actually meant.)

For those who are concerned with the usability and security of phpWebSite, I suggest that you go through and do a manual security setup on the files and directories to see just how long it takes and how error prone it can be.

I'm also concerned about setting something wrong in the process of doing an update or other maintenance and leaving a security hole.

phpWebSite is going to suffer in popularity if there is not a clear, easy, and quick way to set security and to verify that it is set correctly - especially given the large number of files and directories distributed across the system that need different settings.

Many web hosts do not allow shell access, so, the scripts provided are useless to many.

Geoff

Geoff Staples
Hostricity Web Hosting
www.Hostricity.com
214.599.0260
ge...@ho...

3883 Turtle Creek Blvd., Suite 1812
Dallas, Texas 75219

From: Mike N. <mh...@us...> - 2003-02-16 20:24:43
On Sun, 2003-02-16 at 12:11, Geoff Staples wrote:
> I'm concerned about the security setup and also rather frustrated.
>
> Anyone want to relieve my anxiety or have an idea about how to handle
> this?
>
> The statement in the security documentation that some files need to be
> "writable" is not very helpful. I looked at the shell script and it
> appears that what this means is 777 (read, write, and execute for
> users, owner, and groups).

Geoff,
There are two scripts for RC4. One is for people with root access, and the other is for people without root access. If you can't use the root version, make sure to keep local backups of your phpWS install. This is a good idea anyway.

secure_phpws.sh
NONROOT_secure_phpws.sh
http://res1.stddev.appstate.edu/horde/chora/cvs.php/phpwebsite/setup

> I seem to have a number of things that aren't working on my test
> installation that I'm guessing are file permission related.
>
> But, without any confidence that the security is set up properly or that
> I even know how permissions should be set up is quite frustrating. The
> manual instructions state that you shouldn't do a manual security setup
> unless you know what you are doing. Well. OK. But, what are the
> settings actually supposed to be? I set my test installation using
> the guidelines. (Don't know if it is correct because I had to guess at
> what the instructions actually meant.)

Did you look in this doc?

SECURE.txt
http://res1.stddev.appstate.edu/horde/chora/co.php/phpwebsite/docs

--
Mike Noyes <mhnoyes @ users.sourceforge.net>
http://sourceforge.net/users/mhnoyes/
http://leaf-project.org/ http://sitedocs.sf.net/ http://ffl.sf.net/

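One way to verify the result after running either script or setting modes by hand, as an added example that is not part of this thread or of phpWebSite: it lists every file or directory with the "other write" bit set (as in 777 or 666) that is not under a directory you expect to be writable. The `files`, `conf` and `mod` names are constructed placeholders; the real list of writable paths has to come from the project's SECURE.txt or INSTALL.txt.

```shell
#!/bin/sh
# Added example, not from phpWebSite. Directory names are constructed
# placeholders; take the real writable list from the project's docs.

# audit_world_writable ROOT [ALLOWED_DIR ...]
# Prints, relative to ROOT, every world-writable file or directory that is
# not ALLOWED_DIR (given without a trailing slash) or something beneath it.
audit_world_writable() {
    root=${1%/}
    shift
    # -perm -0002: the "other write" bit is set (777, 666, 757, ...).
    # Symlinks are skipped because their own mode bits are not enforced.
    find "$root" ! -type l -perm -0002 -print | sort |
    while IFS= read -r path; do
        if [ "$path" = "$root" ]; then rel=.; else rel=${path#"$root"/}; fi
        expected=no
        for allowed in "$@"; do
            case $rel in
                "$allowed" | "$allowed"/*) expected=yes ;;
            esac
        done
        [ "$expected" = yes ] || printf '%s\n' "$rel"
    done
}

# Builds a constructed sample tree and audits it with the given allow-list.
demo_audit() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/site/files/uploads" "$tmp/site/conf" "$tmp/site/mod"
    : > "$tmp/site/conf/config.php"
    : > "$tmp/site/files/uploads/a.png"
    chmod 755 "$tmp/site" "$tmp/site/conf"
    chmod 777 "$tmp/site/files" "$tmp/site/files/uploads" "$tmp/site/mod"
    chmod 666 "$tmp/site/conf/config.php" "$tmp/site/files/uploads/a.png"
    audit_world_writable "$tmp/site" "$@"
    rm -rf "$tmp"
}

# Only "files" is expected to be writable, so this reports
# conf/config.php and mod.
demo_audit files
```

An empty report means nothing outside the allow-list is world-writable; it does not show that the allow-listed directories themselves are set the way the project intends.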
From: Adam M. <ad...@tu...> - 2003-02-17 17:26:25
Most of these issues should be addressed in the INSTALL.txt file in the core docs directory. I will review those docs again and clarify anything that is 'fuzzy'.

Adam

> I'm concerned about the security setup and also rather frustrated.
>
> Anyone want to relieve my anxiety or have an idea about how to handle
> this?
>
> The statement in the security documentation that some files need to be
> "writable" is not very helpful. I looked at the shell script and it
> appears that what this means is 777 (read, write, and execute for users,
> owner, and groups).
>
> I seem to have a number of things that aren't working on my test
> installation that I'm guessing are file permission related.
>
> But, without any confidence that the security is set up properly or that
> I even know how permissions should be set up is quite frustrating. The
> manual instructions state that you shouldn't do a manual security setup
> unless you know what you are doing. Well. OK. But, what are the settings
> actually supposed to be? I set my test installation using the
> guidelines. (Don't know if it is correct because I had to guess at what
> the instructions actually meant.)
>
> For those who are concerned with the usability and security of
> phpWebSite, I suggest that you go through and do a manual security setup
> on the files and directories to see just how long it takes and how error
> prone it can be.
>
> I'm also concerned about setting something wrong in the process of doing
> an update or other maintenance and leaving a security hole.
>
> phpWebSite is going to suffer in popularity if there is not a clear,
> easy, and quick way to set security and to verify that it is set
> correctly - especially given the large number of files and directories
> distributed across the system that need different settings.
>
> Many web hosts do not allow shell access, so, the scripts provided are
> useless to many.
>
> Geoff
>
>
> Geoff Staples
> Hostricity Web Hosting
> www.Hostricity.com
> 214.599.0260
> ge...@ho...
>
> 3883 Turtle Creek Blvd., Suite 1812
> Dallas, Texas 75219

---------------------------------------------------------------------
Adam Morton
Developer - Electronic Student Services
http://phpwebsite.appstate.edu
Founder - Appalachian Linux Users Group
http://alug.appstate.edu

From: Geoff S. <ge...@ho...> - 2003-02-16 19:51:49
Attachments:
GEOFF.vcf
I'm concerned about the security setup and also rather frustrated.

Anyone want to relieve my anxiety or have an idea about how to handle this?

The statement in the security documentation that some files need to be "writable" is not very helpful. I looked at the shell script and it appears that what this means is 777 (read, write, and execute for users, owner, and groups).

I seem to have a number of things that aren't working on my test installation that I'm guessing are file permission related.

But, without any confidence that the security is set up properly or that I even know how permissions should be set up is quite frustrating. The manual instructions state that you shouldn't do a manual security setup unless you know what you are doing. Well. OK. But, what are the settings actually supposed to be? I set my test installation using the guidelines. (Don't know if it is correct because I had to guess at what the instructions actually meant.)

For those who are concerned with the usability and security of phpWebSite, I suggest that you go through and do a manual security setup on the files and directories to see just how long it takes and how error prone it can be.

I'm also concerned about setting something wrong in the process of doing an update or other maintenance and leaving a security hole.

phpWebSite is going to suffer in popularity if there is not a clear, easy, and quick way to set security and to verify that it is set correctly - especially given the large number of files and directories distributed across the system that need different settings.

Many web hosts do not allow shell access, so, the scripts provided are useless to many.

Geoff

Geoff Staples
Hostricity Web Hosting
www.Hostricity.com
214.599.0260
ge...@ho...

3883 Turtle Creek Blvd., Suite 1812
Dallas, Texas 75219

From: Alessandro P. (T. / J578) <al...@ti...> - 2002-03-02 13:51:32
On Sat, 2002-03-02 at 01:43, Michael Dearman wrote:
>
> I haven't installed PWS yet, but was trying to find some docs that might
> address installation with security in mind.
>
> Also, as I understand it, having register_globals on isn't the most secure thing to do. Any
> comments?

This is known and it will be addressed in 0.8.3

> And, I would suppose trying to use php's safe_mode won't work.

You suppose WRONG: phpWebSite perfectly works with safe_mode=On.
In fact I use safe_mode=on on my development box

> Just any pointers would be appreciated.

Bye,
Alessandro

--
Alessandro "TXM" Pisani - al...@ti... - ICQ #2209087
phpWebSite Development Team http://phpwebsite.appstate.edu
INWO Project coordinator http://inwoproject.sourceforge.net
"I will carry you through, kicking and screaming, and in the end you will thank me" - Tyler Durden [from "Fight Club"]