[Pmwiki-users] file permissions
erik de wild
erik.dewild
Sun Aug 10 17:24:58 CDT 2003
This is not a question but more a point of discussion. It's about the
permissions you should set on the PMwiki files and directories. The
recommended permissions give users the chance, when the configuration of
the Apache server allows, to look at what files are there and what the
content is.
I just read the book "Linux Exposed", a book about security and what to
do about it on a Linux box. It made me alert.
Giving visitors the possibility to look at the content of files creates
a security leak because hackers can get very useful information for
hacking the site.
Giving group members all the permissions needed to do everything with
the site is a security leak because a hacker can add him/herself to the
group and do anything with the site he or she wants.
I think the safest way to run a PMwiki site is to give the user linked
to the webserver (apache, nobody, www) full permissions but the group
or others none.
If you think this is an interesting topic and you agree or disagree with
me please post a message.
I still have a lot of questions but this is my third mail for the
evening. If this is too much please let me know in a gentle way.
With friendly regards
Erik de Wild
Tripple-o: open standards, open source, open mind
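
Added example, not part of the original message: a shell sketch of the policy proposed above (the web server user owns the tree, group and others get no permissions), with an audit that lists anything violating it. The WIKI_ROOT and WIKI_OWNER variables, the default owner name and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not PmWiki's own tooling). Audits a wiki tree against the
# "owner only" policy: no group/other permission bits, single expected owner.

# Print every path under $1 that grants any permission bit to group or others.
# Uses only POSIX "-perm -mode" tests so it works with GNU and BSD find.
list_group_other_access() {
    find "$1" \( -perm -040 -o -perm -020 -o -perm -010 \
              -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Print every path under $1 that is not owned by user $2 (name or numeric uid).
list_foreign_owner() {
    find "$1" ! -user "$2" -print
}

# Strip all group/other bits below $1; the owner's bits are left untouched.
restrict_to_owner() {
    chmod -R go-rwx "$1"
}

# Return 0 when the tree follows the policy, 1 (with a report) otherwise.
audit_wiki_tree() {
    root=$1
    owner=$2
    loose=$(list_group_other_access "$root")
    foreign=$(list_foreign_owner "$root" "$owner")
    if [ -z "$loose" ] && [ -z "$foreign" ]; then
        return 0
    fi
    if [ -n "$loose" ]; then
        printf '%s\n' "$loose" | sed 's/^/group-or-other access: /'
    fi
    if [ -n "$foreign" ]; then
        printf '%s\n' "$foreign" | sed "s/^/not owned by $owner: /"
    fi
    return 1
}

# Runs only when WIKI_ROOT is set, e.g.
#   WIKI_ROOT=/path/to/pmwiki WIKI_OWNER=apache sh audit.sh
# "apache" as the default owner is an assumption; use your server's account.
[ -z "${WIKI_ROOT:-}" ] || audit_wiki_tree "$WIKI_ROOT" "${WIKI_OWNER:-apache}"
```

Run the audit first and read the report before calling restrict_to_owner, since removing group access also locks out any shell account that edits the files through group membership.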