
Re: [cobalt-users] Cobalt wishlist



On Wed, Apr 05, 2000 at 03:32:21PM -0500, Chris Adams wrote:
> When I had the cgiwrap problem, it was more serious because not only was
> it a security problem but it broke functionality.  The current problem I
> know of doesn't break any functionality, it just lets anyone on a RaQ
> edit all FrontPage sites on the RaQ.

Not really.  On the RaQ, FP97 extensions are installed.  The
configuration still relies on .htaccess files which generally
point the AuthUserFile and AuthGroupFile to ./_vti_pvt/service.pwd
and ./_vti_pvt/service.grp and restrict PUT and POST in the
./_vti_bin/ directories to the administrators or authors group
from service.grp.  (FP uses CGI's POST method to upload all pages.)

> Any copy of Apache I set up I would never "AllowOverride All".  The only
> "safe" things to AllowOverride on are AuthConfig, Indexes, and Limit.

Amen ;-)


-- 
Robert G. Fisher		     NEOCOM Microspecialists Inc. 
System Administrator/Programmer      (540) 666-9533 x 116
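
An added example, not part of the original message: a small Python audit for the two checks discussed in this thread, namely that a `_vti_bin` .htaccess sets AuthUserFile and AuthGroupFile and limits PUT and POST to a group, and that the server config grants no AllowOverride class beyond the three the quoted message calls safe. The function names, sample files and paths are constructed for illustration.

```python
import re

# Override classes the quoted message calls "safe"; "None" disables overrides.
SAFE_OVERRIDES = {"authconfig", "indexes", "limit", "none"}

def risky_overrides(conf_text):
    """Return AllowOverride classes that fall outside SAFE_OVERRIDES."""
    found = []
    for line in conf_text.splitlines():
        m = re.match(r"\s*AllowOverride\s+(.+)", line, re.I)
        if m:
            found += [w for w in m.group(1).split()
                      if w.lower() not in SAFE_OVERRIDES]
    return found

def audit_htaccess(text):
    """Check that auth files are set and PUT/POST require group membership."""
    directives, guarded, in_limit = set(), set(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"<Limit\s+([^>]+)>", line, re.I)
        if m:
            in_limit = {x.upper() for x in m.group(1).split()}
        elif line.lower().startswith("</limit>"):
            in_limit = None
        elif re.match(r"require\s+group\s+\S+", line, re.I):
            # Outside a <Limit> block, a require applies to every method.
            guarded |= in_limit or {"PUT", "POST"}
        else:
            directives.add(line.split()[0].lower())
    problems = ["missing " + d for d in ("authuserfile", "authgroupfile")
                if d not in directives]
    problems += [m + " not limited to a group" for m in ("PUT", "POST")
                 if m not in guarded]
    return problems

# Constructed samples (placeholder paths), not taken from a real RaQ.
SAMPLE_OK = """AuthUserFile /path/to/site/_vti_pvt/service.pwd
AuthGroupFile /path/to/site/_vti_pvt/service.grp
<Limit PUT POST>
require group administrators authors
</Limit>"""
SAMPLE_BAD = """AuthUserFile /path/to/site/_vti_pvt/service.pwd
<Limit POST>
require group authors
</Limit>"""
SAMPLE_CONF = "AllowOverride All\nAllowOverride AuthConfig Limit\n"
```

Calling `audit_htaccess()` on the text of each site's `_vti_bin/.htaccess` and `risky_overrides()` on the server config returns the findings as lists; an empty list means neither check fired.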