-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> From: Brandon Friedman [mailto:[EMAIL PROTECTED]]
> 2. .htaccess control - Is this required?
I'd tend to say no--anything you'd want to do in an .htaccess file
can be done in the template fragment you need to create anyway.
However, the fragment I posted for Gallery does allow for a limited
application of an .htaccess file. The main reason for this is to
keep the setup pages from complaining that it didn't work.
> 3. Directory ownership - Who should be the owner of this directory?
> www or root:shared? Why?
The question also applies to files contained in the directory. I'm
really not sure. I'm still inclined to say www:www, but Darrell has
pointed out that this would allow a malicious PHP script (or,
presumably, a malicious CGI) to overwrite any files with that
ownership. Maybe if the files aren't owner-writable?
> 4. Access right? - chmod ? 755 should be ok?
For the directory; and for the files 644 (though wrt the above,
maybe 444 would be better).
- --
Dan Brown, KE6MKS, [EMAIL PROTECTED]
"Since all the world is but a story, it were well for thee to buy the
more enduring story rather than the story that is less enduring."
-- The Judgment of St. Colum Cille
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4
iQA/AwUBPL4Pfn6CI7gsQbX8EQL5sQCfVZT+nZQwQwyM37lrLWhO9Y9G1qcAoOWg
/MnXozaGNGZuTmwOKgmyFisP
=XQS5
-----END PGP SIGNATURE-----
--
Please report bugs to [EMAIL PROTECTED]
Please mail [EMAIL PROTECTED] (only) to discuss security issues
Support for registered customers and partners to [EMAIL PROTECTED]
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
