--- [EMAIL PROTECTED] wrote:
> On Sun, 6 Jan 2008, Martin Fick wrote:
>
> > --- [EMAIL PROTECTED] wrote:
> >> I think there's also a threat situation where
> >> non-root users on the server
> >> can read files in wiki.d/, e.g. 'apache'. In this
> >> case, having the files
> >> encrypted could help, although key management is
> >> still a problem.
> >
> > Sure, but I would just classify that as the same
> > threat (or maybe less of) as #2:
> >
> > 2) who can sniff your ftp password and therefore even
> > access the files once they are on the server (sounds
> > like yes also?)
> >
> > A local user might be even less of a threat than someone who has your ftp
> > password. The local user can likely only see files that you give world
> > readable permissions to, the ftp user can see everything you can see.
>
> I see. In my case, I don't use ftp, but there are
> other users on the machine and the wiki.d/-pages
> are generally world readable. Not sure why
> though... maybe it's the default? Patrick?

The web server user (www-data, apache, ...) needs to be able to read these pages in order to serve them up. You can make files only readable by you, but then they will not be web readable.

-Martin

_______________________________________________
pmwiki-devel mailing list
pmwiki-devel@pmichaud.com
http://www.pmichaud.com/mailman/listinfo/pmwiki-devel
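
The trade-off discussed in this thread can be checked from the permission bits alone. The following is an added example, not part of the original messages or of PmWiki: it audits a wiki.d/-style directory and reports which page files are world readable, readable only through a group, or owner-only (and so not web readable unless the server runs as the owner). The group case is one the thread does not mention; the function names, the `web_gid` parameter and the sample page files are assumptions constructed for the illustration.

```python
import os
import stat
import tempfile

def exposure(st, web_gid, oth_bit, grp_bit):
    """Classify who besides the owner holds the given permission bit."""
    if st.st_mode & oth_bit:
        return "world"          # every local account on the machine
    if st.st_mode & grp_bit:
        # web_gid is the gid the web server runs with (assumed, passed in by the caller)
        return "web-group" if st.st_gid == web_gid else "other-group"
    return "owner-only"         # web server is locked out unless it runs as the owner

def audit(directory, web_gid):
    """Map '.' (directory search bit) and each regular file (read bit) to its exposure."""
    report = {".": exposure(os.stat(directory), web_gid, stat.S_IXOTH, stat.S_IXGRP)}
    with os.scandir(directory) as it:
        entries = sorted(it, key=lambda e: e.name)
    for entry in entries:
        if entry.is_file(follow_symlinks=False):
            st = entry.stat(follow_symlinks=False)
            report[entry.name] = exposure(st, web_gid, stat.S_IROTH, stat.S_IRGRP)
    return report

def demo():
    """Build a constructed stand-in for wiki.d/ and audit it."""
    with tempfile.TemporaryDirectory() as d:
        os.chmod(d, 0o755)
        # Constructed sample pages: world readable, group readable, owner-only.
        samples = (("Main.HomePage", 0o644), ("Main.Private", 0o640), ("Main.Draft", 0o600))
        for name, mode in samples:
            path = os.path.join(d, name)
            with open(path, "w") as fh:
                fh.write("constructed sample page\n")
            os.chmod(path, mode)
        # Assumption: the files' own gid stands in for the web server's gid.
        web_gid = os.stat(path).st_gid
        return audit(d, web_gid)

if __name__ == "__main__":
    for name, who in demo().items():
        print(f"{name:15} {who}")
```

Against a real installation, call `audit()` with the path to wiki.d/ and the numeric gid of the web server account; the result reflects mode bits only and does not account for ACLs or parent-directory permissions.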