logo       
<prev   next>

Re: Security Question: msg#00021

Subject: Re: Security Question 
On Mon, 2005-04-25 at 11:41, Matthew McNaney wrote:
> There are two other backup measures added to the parser. First, we
> removed the ability for anonymous users to upload documents in
> announcements and calendar. Second, phpWebSite checks the file extension
> and prohibits executable files from being written.

Matt,
I'm no security expert, but I think uploads should be disabled by
default. Then use fine grained permissions to allow uploads for specific
users.

-- 
Mike Noyes <mhnoyes at users.sourceforge.net>
http://sourceforge.net/users/mhnoyes/
SF.net Projects: leaf, phpwebsite, phpwebsite-comm, sitedocs



-------------------------------------------------------
SF.Net email is sponsored by: Tell us your software development plans!
Take this survey and enter to win a one-year sub to SourceForge.net
Plus IDC's 2005 look-ahead and a copy of this survey
Click here to start!  http://www.idcswdc.com/cgi-bin/survey?id=105hix
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Security Question, Matthew McNaney
Next by Date:  Re: Security Question, Shaun Murray
Previous by Thread:  Security Question, Matthew McNaney
Next by Thread:  Re: Security Question, Shaun Murray
Indexes:  [Date] [Thread] [Top] [All Lists]

Google Custom Search
Recently Viewed:
linux.arklinux....    user-groups.lin...    kde.usability/2...    ietf.ipp/2002-0...    mail.spam.spamc...    os.netbsd.devel...    audio.cd-record...    text.unicode.de...    php.documentati...    games.fps.halfl...    window-managers...    suse.oracle.gen...    bug-tracking.gn...    video.dvdrip.us...    xfree86.cvs/200...    java.netbeans.m...    network.argus/2...    culture.sf.kill...    debian.ports.al...    freebsd.questio...    qplus.devel/200...    handhelds.palm....   
Home | blog view | USPTO Patent Archive | advertise | OSDir is an inevitable website. super tiny logo

Free Magazines

Cisco News
Receive a free quarterly e-newsletter with exclusive articles on how Cisco IT uses its own products and solutions to enable the business.
subscribe

Systems Management News, the newspaper for IT systems administration and data center managers! Each issue of Systems Management News is chock-full of news and analysis to help you understand what's happening in your field.
subscribe

The Enterprise Newsweekly eWeek is the essential technology information source for builders of e-business.
subscribe

Oracle Magazine Oracle Magazine contains technology strategy articles, sample code, tips, Oracle and partner news, how to articles for developers and DBAs, and more. Oracle (NASDAQ: ORCL) is the world's largest enterprise software company.
subscribe

Total Telecom Total Telecom is "The Economist of the communications industry".
subscribe