
Products: Gossamer Mail: Discussion: Re: [Chaz] Isn't this a Security Threat?: Edit Log

Here is the list of edits for this post
Re: [Chaz] Isn't this a Security Threat?
Quote:
Even though the files are owned by joe_bloggs, when Apache runs webmail.cgi, it executes as nobody. You would have to set the file permission on the def files (and others) so that nobody has access to them, correct?

Yes, Links SQL files are able to be modified by "nobody", but the issue was regarding the security of the def files, and so if the user's home directory has the correct permissions then a user using ssh cannot gain access to read their files.

This can't be done via the web, firstly due to .htaccess on the admin panel and secondly because the defs directory contains a .htaccess file stopping GET requests.

Last edited by: Paul: May 4, 2003, 12:33 PM
