Menu
▾
▴
RE: [Phpwiki-talk] gui configuration of index.php
|
From: Preston L. B. <pre...@co...> - 2002-02-21 13:59:02
|
You get partly get around the security issue by only responding to requests from a fixed IP (default as localhost). You also might want to "lock" the installation - perhaps by something as simple as creating a "locked" file - so that privileged access is required to "unlock" the installation and allow changes. This protects you from the install script being run unintentionally (or not). From: Lawrence Akka > I have been thinking for some time about some sort of InstallScript - see > my comments at the bottom of > http://phpwiki.sourceforge.net/phpwiki/NewUserPreferences > > Although I don't think it is that hard to edit index.php > manually, I think > a script would make phpWiki even easier. It could even try to set up the > relevant db tables, or report an error (and give instructions) if > it could > not do so. > > Security is a big problem however. The webserver user must have write > access to index.php (obviously), and experience says that no matter how > often or clearly you tell users to change the permissions after install > (or to remove the install script completely), they often do not do so. > At 09:09 21/02/2002, Carsten Klapp wrote: > > >PHPWeather uses an excellent web-based config-file generator. With > >permission from Martin Geisler of course, I think it could be easily > >adapted to generate an index.php file for PhpWiki. > > > >There are security issues to generating a config file this way, but they > >can probably be overcome. > > > >The whole thing is completely self contained in one file. It makes the > >necessary backups, provides text output for cut and paste when the file > >couldn't be written, and allows for comments and instructions. > > > >Anyway take a look, it's pretty neat. > > > >http://cvs.sourceforge.net/cgi- > >bin/viewcvs.cgi/phpweather/phpweather/configurator.php |
