>too bad since they claim that only "one of the user" installed phpbb. hmmm that "said user" has control on apache's configuration that he/she managed to point out openminds main page to his public_html and obviously, a compromise of his public_html has an effect to the main index page of openminds. simple indeed!
let's not assume right away that the user who installed phpbb==the sysadmin who manages the apache config. many webhosting sites also employ the approach that you could install some php apps without you having full control of their server's apache configs. I suggest we don't jump the gun and 'therefore conclude...' from unobserved 'facts'.

>it's very very idiotic to install cgi on a writable area by the user that will execute that cgi.

It is idiotic, but not all are security conscious at first. and many sites have this policy that user-installed apps are the user's responsibility and not the sysadmin's. One alternative is to talk to the sysadmin to modify the apache config... Which isn't exactly what a casual site manager would do when he knows that placing it in public_html just works.

it takes time and experience for site managers and app developers to think with security in mind. good thing this list exists, as those who do have the experience can pass these to those who have yet to gain them.

--
Paolo Alexis Falcone
[EMAIL PROTECTED]
_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
[email protected] (#PLUG @ irc.free.net.ph)
Read the Guidelines: http://linux.org.ph/lists
Searchable Archives: http://archives.free.net.ph

