[cobalt-users] Re:- PHP HTTP File Editor
- Subject: [cobalt-users] Re:- PHP HTTP File Editor
- From: Charlie Summers <charlie@xxxxxxxxxx>
- Date: Sat Jan 18 17:02:55 2003
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
At 9:20 AM -0500 1/18/03, Steven Depuydt - www.BeNe.WS is rumored to have
typed:

> What can we do against this ?
>
> THANKS FOR YOUR COMMENTS !!

Well, for one thing, we can STOP SCREAMING! Take a few deep breaths. Feel
better now? Good.

First off, the HTML Editor isn't a, "HACK !!," it's a legitimate project
with source code available. It isn't terribly _useful,_ IMHO, since I've seen
much better editors around, but it's perfectly serviceable and nowhere near a
hazard or a problem.

(*sigh*) To directly answer your question, I suggest you spend a few
minutes at the php.net website reading the documentation (novel idea, that),
especially the sections on security (specifically filesystem security),
configuration, and Safe Mode. I think you'll discover that although
anyone with the editor might be able to, "BRWOSE & READ the COMPLETE
directory structure of *YOUR* server with his browser," that person couldn't
do any such thing to a properly-configured machine.

If you'd like to see a PROPERLY configured example, go to the SourceForge
site for this project, and try to edit above the
/home/groups/p/ph/phphttpfileed/htdocs/testdrive/ directory:

http://phphttpfileed.sourceforge.net/index.php

And _please,_ next time, do a little research before you proclaim that the
sky is falling. Think, "RTFM."

Charlie (who can't help but wonder if this is yet another
example of people installing "packages" which
they _think_ will take away their responsibility
to understand the software they install on their
server, and panicking when they discover it doesn't;
welcome to the world of the sysadmin)
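
Added example, not part of the original message and not taken from the project or the SourceForge setup: a per-site Apache fragment showing the kind of PHP filesystem restriction the message refers to (Safe Mode plus the open_basedir directive from the php.net filesystem security documentation). It assumes PHP runs as an Apache module (mod_php); the hostname and site path are constructed placeholders.

```apache
# Constructed example: hostname and paths are placeholders, not values from
# the mailing-list message.
<VirtualHost *:80>
    ServerName customer1.example.com
    DocumentRoot /home/sites/customer1/web

    # Weak setting (PHP's default): with no open_basedir configured, any PHP
    # script on the site, a web-based file editor included, can list and read
    # every path the web server user can read.

    # Restricted setting: fopen(), opendir(), include and similar calls fail
    # for any path outside this tree.
    # Keep the trailing slash. PHP versions of that era treat the value as a
    # string prefix, so "/home/sites/customer1" would also match
    # "/home/sites/customer10".
    php_admin_value open_basedir "/home/sites/customer1/web/"

    # Safe Mode (PHP 4 era, removed in PHP 5.4): file operations additionally
    # require the target file to have the same owner as the running script.
    php_admin_flag safe_mode on

    # php_admin_value / php_admin_flag settings cannot be overridden from
    # .htaccess or ini_set(), so the site owner cannot switch them back off.
</VirtualHost>
```

With this in place, pointing a file-editor script at a directory above the site's document root returns an open_basedir restriction warning instead of a listing.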