no, that statement pertains to the 'pmwiki' directory, not the
directories within it (wiki.d, uploads)
i'm still confused - i used option 3b, to create 'wiki.d' and
'uploads', which instructs me to set them to 777. it doesn't say
anywhere to then change those directories to something else
afterward, and so this doesn't jibe with the statement "don't set
anything to 777". if it does, then the language on this essential
installation page needs to be corrected, right?
?
thx!
adam
On 22 Dec 2008, at 3:08 PM, Radu Luchian wrote:
Yes, it's true. On the page you're pointing to, you missed this text:
"Important: If you used method 3b, you should reset permissions by
executing "chmod 755 ." in the directory containing pmwiki.php."
Cheers,
Radu
On Mon, Dec 22, 2008 at 2:00 PM, adam overton
<[email protected]> wrote:
hi, is this true?
> Either way, don't set
> anything to 777.
b/c the installation instructions for pmwiki (http://pmwiki.org/wiki/
PmWiki/Installation) say setting uploads and wiki.d to 777. should
they be 775 instead? just wondering if there's any consensus on this
before i go start twiddling, changing permissions...
thx
adam
> Message: 6
> Date: Mon, 22 Dec 2008 10:25:35 -0500
> From: DaveG <[email protected]>
> Subject: Re: [pmwiki-users] Security breach?
> To: [email protected], [email protected]
> Message-ID: <[email protected]>
> Content-Type: text/plain; charset="UTF-8"
>
>
>> What happens is that the hackers use the uploads directory
>> (with 777 permissions) to upload php files, and then it seems
>> these php
>> files can be used to access other parts of the filesystem (if I
> understood
> <...snip...>
>> If a directory has 777 permissions, is there anything to stop
someone
>> putting an arbitrary file there??
> Not sure why you have directories set to 777; my uploads and wiki.d
> directories are all 775; most other directories are 755. Not sure
> why some
> are 775 -- I suspect they could be changed to 755. Either way,
> don't set
> anything to 777.
>
> ~ ~ Dave
>
>
>
> ------------------------------
>
> Message: 7
> Date: Mon, 22 Dec 2008 13:45:52 -0200
> From: Guillermo Calderon - INCO <[email protected]>
> Subject: [pmwiki-users] question about Cookbook/SwitchToSSLMode
> To: [email protected]
> Message-ID: <[email protected]>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
>
> Hi all;
> I was reading the page Cookbook/SwitchToSSLMode.
> There, a complex solution is described in order to "only actions
where
> passwords are likely to be passed are sent via SSL"
>
> However, "The example assumes there are not read-protected pages,
> since
> any 'read' passwords entered to view a page would be sent via a non-
> SSL
> connection"
>
> It sounds too restricted since (almost) every wiki has some
> read-protected pages and groups.
>
> I have implemented a very simple solution where only passwords are
> sent
> via SSL and the other posts are sent via http.
> In config.php:
>
> SDVA($InputTags['auth_form'], array(
> ':html' => "<form
> action='https://{$_SERVER['HTTP_HOST']}{$_SERVER
> ['REQUEST_URI']}'
> method='post'
> name='authform'>\$PostVars"));
>
> This way the action field of the auth-form sends all the
information
> via https.
>
> My question: does this solution really work?
> (I think so, by I would like to be sure)
>
> Guillermo
>
>
>
>
> ------------------------------
>
> _______________________________________________
> pmwiki-users mailing list
> [email protected]
> http://www.pmichaud.com/mailman/listinfo/pmwiki-users
>
>
> End of pmwiki-users Digest, Vol 42, Issue 19
> ********************************************
_______________________________________________
pmwiki-users mailing list
[email protected]
http://www.pmichaud.com/mailman/listinfo/pmwiki-users
_______________________________________________
pmwiki-users mailing list
[email protected]
http://www.pmichaud.com/mailman/listinfo/pmwiki-users
