|
|
Posted by Jerry Stuckle on 10/27/06 12:38
TheTeapot wrote:
> Rik wrote:
>
>>R K wrote:
>>
>>>Rik wrote:
>>>
>>>>R K wrote:
>>>>
>>>>>Then I'd have to reboot the server for every change, not interested
>>>>>in that. Already short on time and this is not my real job.
>>>>
>>>>Well, there's security and there's the illusion of security. Good
>>>>luck.
>>>
>>>It's worked for me so far. Gold plating every damn thing hasn't.
>>>Back at ya.
>>
>>Hmmmf.
>>Last piece of advice:
>>if you have different users, different user-dirs, but want to apply
>>unoveridable settings to every dir:
>>http://httpd.apache.org/docs/2.0/mod/mod_userdir.html
>>http://httpd.apache.org/docs/2.0/howto/public_html.html
>>
>>And check AllowOverride
>>
>>For more information alt.apache.configuration
>>--
>>Rik Wasmus
>
>
> Rather than an upload directory, it has been set up to use the user's
> "Sites/" folder.
>
> I think that the end solution will be to point out that few students
> will know how to code and use the PHP on the system, and none of the
> students I know can actually use PHP to hack a server.
>
> The other thing is that it isn't part of the Internet, only the
> school's Intranet.
>
> Thanks everyone, I'll see how I go tomorrow.
>
(Top posting fixed)
I agree with Moot. Students are much smarter and capable than you
think. Some of them may have been doing PHP for several years - and
would know a lot more than you do.
If you don't know how to properly secure your system you are not only
looking for trouble - you're opening the door wide and putting a huge
"Welcome" mat on the porch.
And what's it going to cost your school in attorney's fees, reputation,
etc. if someone hacks the grades database? Or gets a list of SSN's, etc.?
If you can't secure it properly, don't have *any* access to anything
private available. Better yet, don't allow students on the system in
the first place. Set up a different server for them which is isolated
from the rest of the school's network.
P.S. Please don't top post. Thanks.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
Navigation:
[Reply to this message]
|