On Wed, Mar 26, 2008 at 04:02:06PM -0400, Henrik wrote:
>    Thanks for pointing me to the specific module responsible for the
>    security, Patrick, and for the reality check.
> 
>    I am continuing to investigate alternate webserver hosts.
>    canadianwebhosting.com looks promising. They use an suPHP scheme which
>    looks tight but workable, with "Your scripts and directories can have a
>    maximum of 755 permissions" (all files have the same owner with rwx). I
>    presume that would be workable? Would I have to reconfigure the
>    umask(002); statement in pmwiki.php for this?

You might want to add umask(022); near the beginning of your config.php,
but other than that you should find that things run much better under
suPHP.


Pm
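The effect of the umask change suggested above, as an added shell example that is not part of the original message: it creates entries under umask 002 and 022 and lists anything with group- or other-write bits, i.e. beyond the host's stated 755 maximum. The directory and file names are constructed for the demo.

```shell
#!/bin/sh
# Added example; the tree below is constructed and lives in a temp directory.

# List every entry under $1 that is group- or other-writable,
# i.e. carries permissions beyond the 755 cap quoted in the thread.
over_755() {
    find "$1" \( -perm -020 -o -perm -002 \) -print
}

# Create a directory and a file inside $1 under umask $2, the way a
# script's mkdir()/file creation is masked after it calls umask().
make_under_umask() {
    (
        umask "$2"
        mkdir -p "$1/wiki.d.$2"
        : > "$1/wiki.d.$2/Main.HomePage"
    )
}

# Build both variants, print the offending paths, clean up.
demo() {
    root=$(mktemp -d) || return 1
    make_under_umask "$root" 002   # yields 775 directories, 664 files
    make_under_umask "$root" 022   # yields 755 directories, 644 files
    over_755 "$root"
    rm -rf "$root"
}

demo
```

Running `over_755` against an existing wiki directory shows which entries created under the old umask still need a `chmod go-w` after moving to the suPHP host.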



>  On Sun, Mar 23, 2008 at 10:11:49AM -0400, Henrik wrote:
>   
> 
>  This security change by my webhost is confirmed. In response to my query
>  they sent me the following response.
> 
>  =============================
> 
>  The web server security is setup such that it will automatically block 
> system related words while posting data from php based applications, as this 
> may lead to web server exploit. We request you to stop using system related 
> words in your applications.
> 
>  =============================
> 
>  So suddenly none of my websites can post external links (with the string
>  "http://" anywhere in the page), and hundreds if not thousands of pages
>  that have this protocol embedded are suddenly uneditable.
> 
>  Truly horrible. A complete nightmare!
> 
>  But nothing to do with PmWiki.
>     
> 
> 
>  Just to follow up on this -- this particular issue is described
>  at http://www.pmwiki.org/wiki/PmWiki/Troubleshooting#mod_security .
>  There is no PmWiki-based workaround to it, as the problem is well
>  outside of PmWiki (as you've recognized).
> 
>  I've never heard of someone using mod_security to block "http://"
>  before, though, so that's new (and an additional reason to doubt
>  the sanity of the webhosting provider).  Note that this security
>  measure affects not only PmWiki, but also any application that
>  tries to use an input form where someone might want to provide
>  an http:// link (e.g., comments to blog postings, shopping carts,
>  etc.).
> 
>  Pm
> 
>   
> 
>  --
> 
>  Henrik Bechmann
>  www.bechmann.ca
>  Webmaster, www.dufferinpark.ca

_______________________________________________
pmwiki-users mailing list
[email protected]
http://www.pmichaud.com/mailman/listinfo/pmwiki-users
