Gossamer Forum: Products: Others: Fileman: permission for ConfigData.pm

Dec 18, 2002, 1:18 AM

sionghua

New User (4 posts)

Dec 18, 2002, 1:18 AM

Post #1 of 10

Shortcut

permission for ConfigData.pm

I got his email. But I have changed the file permission for the cinfigdata.pm file, but then fileman won't work, what should be the correct permission setting for this file?

name: yeckr
country:
comment: hi there...i want to warn you, your site can easily be hacked, since your fileman password can be viewed by anyone:
http://xianghua.freeshell.org/cgi-bin/fileman/ConfigData.pm

Dec 18, 2002, 1:56 AM

Andy

Veteran / Moderator (18441 posts)

Dec 18, 2002, 1:56 AM

Post #2 of 10

Shortcut

Re: [sionghua] permission for ConfigData.pm In reply to

666, but 664 may work.

Cheers

Andy (mod)
andy@ultranerds.co.uk

Dec 19, 2002, 1:30 AM

sionghua

New User (4 posts)

Dec 19, 2002, 1:30 AM

Post #3 of 10

Shortcut

Re: [Andy] permission for ConfigData.pm In reply to

but using 666/664 someone can easily see my password by going to the CinfigData.pm's address

Dec 19, 2002, 1:37 AM

Andy

Veteran / Moderator (18441 posts)

Dec 19, 2002, 1:37 AM

Post #4 of 10

Shortcut

Re: [sionghua] permission for ConfigData.pm In reply to

Only other way I can think of doing it, is adding in CHMOD commands;

Code:
chmod(0666, "ConfigData.pm"); 

stuff writing to configdata.pm 

chmod(0644, "ConfigData.pm");

This would obviously require you editing the script, and finding anywhere that ConfigData.pm is written to.

Hope that helps.

Andy (mod)
andy@ultranerds.co.uk

Dec 19, 2002, 8:39 PM

sionghua

New User (4 posts)

Dec 19, 2002, 8:39 PM

Post #5 of 10

Shortcut

Re: [Andy] permission for ConfigData.pm In reply to

I am getting abit confused here.

Dec 20, 2002, 1:47 AM

Andy

Veteran / Moderator (18441 posts)

Dec 20, 2002, 1:47 AM

Post #6 of 10

Shortcut

Re: [sionghua] permission for ConfigData.pm In reply to

All I am saying, is to add those parts of codes around when Fileman writes to ConfingData.pm. It will CHMOD the file correctly for writing to it, and then set it back to 644, so its not viewable via the web.

Cheers

Andy (mod)
andy@ultranerds.co.uk

Dec 20, 2002, 3:10 AM

sionghua

New User (4 posts)

Dec 20, 2002, 3:10 AM

Post #7 of 10

Shortcut

Re: [Andy] permission for ConfigData.pm In reply to

can't find in the script anything to do with Configdata

Dec 20, 2002, 9:51 AM

604

Staff / Moderator (733 posts)

Dec 20, 2002, 9:51 AM

Post #8 of 10

Shortcut

Re: [sionghua] permission for ConfigData.pm In reply to

Hi,

There is another way to handle it, just follow the instruction below to work it out:

- Move the ConfigData.pm to /path_to/private/lib

- Search for $CFG_PATH = "ConfigData.pm" in FileMan.pm ( around line #26) and change to:
$CFG_PATH = '/path_to/private/lib/ConfigData.pm';

- Change the pwd_single subroutine a little bit:

sub pwd_single () {
#------------------------------------------------------
# Change password in single version
#
my $self = shift;
($self->{cfg}->{single}) or die $LANGUAGE{ERR_VERSION};
my $fn = "$self->{cfg}->{priv_path}/lib/ConfigData.pm";
.....

}

Now, the ConfigData.pm cannot be accessed through URL any more.

TheStone.

B.

Jan 27, 2003, 10:47 AM

WAD

New User (1 post)

Jan 27, 2003, 10:47 AM

Post #9 of 10

Shortcut

Re: [TheStone] permission for ConfigData.pm In reply to

This is the very first thing I noticed after I installed the script - ConfigData.pm is left to be poked at will.

A lot of good things I want to say about the program, but PLEASE FIX it in your next release.

Jan 27, 2003, 10:54 AM

604

Staff / Moderator (733 posts)

Jan 27, 2003, 10:54 AM

Post #10 of 10

Shortcut

Re: [WAD] permission for ConfigData.pm In reply to

Hi,

Actually, We already fixed it and added some new features in the next release, but we haven't released it yet.

TheStone.

B.

Last edited by:

TheStone: Jan 27, 2003, 10:54 AM