|
Posted by Ray on 10/03/05 14:16
Hi Erwin,
Erwin Moller wrote:
....
> > I can do #1 and I was wondering if that is sufficient.
> No, the only advantage working outside webroot is that a simple request to
> the right place will not be answered by the webserver.
> But you can also do so by other means.
I am tempted to ask you what you mean by "other means", but on second
thought, the less people who know, the better. Good enough for me to
know that it isn't perfect security.
> As the non-root
> > user, I guess I cannot do #2...
> Yes you can.
> you can place a robots.txt file just as you can place any other text file.
Ah! I didn't know that...thank you!
> Yes, can be done.
> Pay attention to permissions however. :-)
> If you do not, you can end up with files that are readable to the world,
> that is 'everybody' who has access to your system.
> When using shared hosting, that is everybody else on the same system.
Ah! I see...
> Yes you can.
> Suppose I am on the same machine:
> - I can see directory 3)
> - I can browse the content of directory 3)
> - I can read/modify file in directory 3)
I said this in my previous reply, but I guess my main problem is that I
don't understand www-data -- the account which runs the web server and
thus, creates these files.
I tried changing ownership to it and creating a group with only me and
it, but neither worked because I'm not the root user. Perhaps I am
doing something wrong, but I am having problems chown'ing my own
files... Or, maybe the sysadmin has disallowed its use? Likewise for
creating a new group.
> Some time ago I discussed a similar problem with macbri.
> Here is a link:
> http://groups.google.nl/group/comp.lang.php/browse_thread/thread/c8751c8082573e64/35398dedf888542a?lnk=st&q=erwin+moller++permission+directory&rnum=2&hl=nl#35398dedf888542a
>
> Maybe that helps setting up something a lot more secure.
> It involves denying directorylistings combined with a very long strange name
> for a directory.
Thanks! I'm going through it now and it looks long and detailed.
Thank you for the original posting...I'll make sure the extensive
typing you did is used at least one more time by me. :)
Ray
Navigation:
[Reply to this message]
|