Even better to do it properly using the OS security settings. Instead of root, use a user that has all necessary permissions including port access, folder visibility and read/write access. Then you won't see things you aren't supposed to, and there is no way to circumvent this.
> From: Alex Rufon <[email protected]>
>
> Playing around with http://localhost/jopn I realized a potential security
> issue.
>
> You see, there are two command buttons on top for "Go Up Parent Directory"
> which is an ellipsis button and the "select" button and a drop down. The
> security issue is that if you keep clicking on the ellipsis button, you'll
> eventually be able to access the /home directory of the server.
>
> This is a security issue since I've already elevated the ./jconsole to root
> status which technically means the client can actually open all folders under
> the /home directory. :)
>
> My suggestion is to limit the web client/user to only the j701-user and the
> J701 directories.
>
> Just something to think about.
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of bill lam
> Sent: Friday, December 04, 2009 11:41 AM
> To: [email protected]
> Subject: Re: [Jbeta] jhs version 1.5 available
>
> On Fri, 04 Dec 2009, Alex Rufon wrote:
> > I got this to work. Had to do some digging first.
> >
> > It seems that in Ubuntu, you have to have root privileges to use port 80
> > which is easily done by the SUDO command:
> > aru...@jlibrary:~/Applications/j701/bin$ sudo ./jconsole
> >
> > -----Original Message-----
> > [---=| TOFU protection by t-prot: 67 lines snipped |=---]
>
> I guess that isn't specific to ubuntu, any port below 1024 needs
> privileges to listen to. You can also list ports in use by
>
> $ netstat -l
>
> --
> regards,
> ====================================================
> GPG key 1024D/4434BAB3 2008-08-24
> gpg --keyserver subkeys.pgp.net --recv-keys 4434BAB3
> ----------------------------------------------------------------------
> For information about J forums see http://www.jsoftware.com/forums.htm
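
The suggestion quoted above, limiting the web client to the j701-user and J701 directories, sketched as an added example (not JHS code and not written by anyone in this thread). `resolve_browse`, `allowed_roots` and the temporary directory layout are hypothetical names constructed for the demonstration; a check like this sits on top of running the server as an unprivileged user, it does not replace it.

```python
import os
import tempfile

def is_within(path, root):
    """True if path is root itself or lies beneath it (both already resolved)."""
    return os.path.commonpath([path, root]) == root

def resolve_browse(current_dir, action, allowed_roots):
    """Return the directory a browse request may show, or None if it escapes.

    action is ".." for the go-up button or a child directory name.
    """
    roots = [os.path.realpath(r) for r in allowed_roots]
    # realpath collapses ".." and follows symlinks, so the check runs on the
    # directory that would really be listed, not on the string the client sent.
    target = os.path.realpath(os.path.join(current_dir, action))
    if any(is_within(target, r) for r in roots):
        return target
    return None

def build_demo_tree():
    """Constructed sample layout: <tmp>/home/{alice/{j701-user,J701}, bob}."""
    base = os.path.realpath(tempfile.mkdtemp())
    home = os.path.join(base, "home")
    user = os.path.join(home, "alice", "j701-user")
    j701 = os.path.join(home, "alice", "J701")
    other = os.path.join(home, "bob")
    for d in (os.path.join(user, "temp"), j701, other):
        os.makedirs(d)
    # A symlink inside an allowed root that points outside it.
    os.symlink(other, os.path.join(user, "shortcut"))
    return home, user, j701, other

def click_up_until_blocked(start, allowed_roots, limit=10):
    """Simulate repeated clicks on the go-up button; return directories shown."""
    shown, cur = [], start
    for _ in range(limit):
        nxt = resolve_browse(cur, "..", allowed_roots)
        if nxt is None:
            break
        shown.append(nxt)
        cur = nxt
    return shown

if __name__ == "__main__":
    home, user, j701, other = build_demo_tree()
    roots = [user, j701]
    print(click_up_until_blocked(os.path.join(user, "temp"), roots))
    print(resolve_browse(user, "shortcut", roots))  # symlink escape is refused
```

Comparing with `os.path.commonpath` instead of a string prefix also rejects a sibling such as `j701-user-evil`, which a naive `startswith` test would accept.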
