1
kmicic
Security concerns with Unix permissions
  • 2006/7/9 2:02

  • kmicic

  • Just popping in

  • Posts: 2

  • Since: 2006/7/9 1


Hello,

I am evaluating Xoops, and I noticed a couple of things that worry me.

1. mainfile.php has to be world readable for XOOPS to work. This file has the DB password in it.

2. uploads directory is world readable _and_ world writeable.

Is this something that is specific to the server I'm running on, specific to php, or specific to Xoops?

Regards,
Paul
Columbia, MO

2
kmicic
Re: Security concerns with Unix permissions
  • 2006/7/9 4:39

  • kmicic

  • Just popping in

  • Posts: 2

  • Since: 2006/7/9 1


Seems to be specific to the server... I also have XOOPS set up on DreamHost, and there I can change permissions on both mainfile and uploads to user only, and everything still works.

3
zyspec
Re: Security concerns with Unix permissions
  • 2006/7/9 4:43

  • zyspec

  • Module Developer

  • Posts: 1095

  • Since: 2004/9/21


I'd recommend you also look at using the Protector Module. One of the things included are instructions for moving the dB username/password out of mainfile and into a secure area.

4
OldFriend
Re: Security concerns with Unix permissions
  • 2006/7/9 5:26

  • OldFriend

  • Just popping in

  • Posts: 99

  • Since: 2005/10/28


Quote:
I'd recommend you also look at using the Protector Module. One of the things included are instructions for moving the dB username/password out of mainfile and into a secure area.


I don't understand why these 2 features are not part of a minimum install.

5
Chappy
Re: Security concerns with Unix permissions
  • 2006/7/9 6:12

  • Chappy

  • Friend of XOOPS

  • Posts: 456

  • Since: 2002/12/14


Kmicic:

Your php configuration is probably set up as cgi rather than the apache module. JaguarPC Hosting recently went the same route. Supposedly it enhances the security when your on shared servers.

You can check out this thread on their forums for further info on the cgi setup.
MMM...It tastes like chicken! ...

Login

Who's Online

222 user(s) are online (142 user(s) are browsing Support Forums)


Members: 0


Guests: 222


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Mar 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits