[pmwiki-devel] encrypted pagestore?
christian.ridderstrom at gmail.com
christian.ridderstrom at gmail.com
Sun Jan 6 15:28:53 CST 2008
On Sun, 6 Jan 2008, Martin Fick wrote:
> --- christian.ridderstrom at gmail.com wrote:
>> I think there's also a threat situation where
>> non-root users on the server
>> can read files in wiki.d/, e.g. 'apache'. In this
>> case, having the files
>> encrypted could help, although key management is
>> still a problem.
>
> Sure, but I would just classify that as the same
> threat (or maybe less of) as #2:
>
> 2) who can sniff your ftp password and therefor even
> access the files once they are on the server (sounds
> like yes also?)
>
> A local use might be even less of a threat than someone who has your ftp
> password. The local user can likely only see files that you give world
> readable permissions to, the ftp user can see everything you can see.
I see. In my case, I don't use ftp, but there are other users on the
machine and the wiki.d/-pages are generally world readable. Not sure why
though... maybe it's the default? Patrick?
/Christian
--
Christian Ridderström, +46-8-768 39 44 http://www.md.kth.se/~chr
More information about the pmwiki-devel
mailing list