On Thursday 14 July 2005 08:55 am, Eric S. Johansson wrote: > the challenge here is with integrity of the archive. now maybe this is > different with the Web space but the last time I used source for for > this (IPCop wiki), we had major problems with unauthorized people > deleting our site. Source for is not protected from vandalism is far as > I know.
Don't confuse the issue here. Your wiki got 'hacked' via insecure permissions on the webserver. To write to files via scripts executed by sf.net's apache* they have to be (basically) world writable, and anyone with shell access on sf.net can 'hack' you. You fix this by not using wikis (et al.) that write to files, and instead switch to ones that write to SQL. However, none of this effects darcs at all, you're not writing via the webserver, you're writing to a darcs archive via darcs over ssh. * sf.net's apache doesn't use suid, because it causes apache literally hours to startup. Its an apache bug. -- Patrick "Diablo-D3" McFarland || [EMAIL PROTECTED] "Computer games don't affect kids; I mean if Pac-Man affected us as kids, we'd all be running around in darkened rooms, munching magic pills and listening to repetitive electronic music." -- Kristian Wilson, Nintendo, Inc, 1989
pgpdtpGxNYtdI.pgp
Description: PGP signature
_______________________________________________ darcs-users mailing list [email protected] http://www.abridgegame.org/mailman/listinfo/darcs-users
