On 27/04/2011 21:30, JK4 wrote:
The only writeable directory is *installdir/temp*, which is 770 and
root:www-data.
The attack you are mainly worried about is that if the /temp dir can be
reached via some real URL, then the user contrives to make your
application create some temp file called
Hi,
I am now back in work, and can check the server.
The RC installation is already on a mount point with noexec,nosuid. I
could not remember last night. I don't know what could be gained by
moving the temp dir outside of the RC installation. Might be unwanted.
I use syslog, but the
On 04/27/2011 12:34 PM, J4K wrote:
On 04/22/2011 08:02 PM, Thomas Bruederli wrote:
Dear Roundcube users and lovers,
We're happy to announce another release of the Roundcube webmail
suite. This service update brings some more bug fixes and stability
improvements and it includes an updated
Hi
I strongly recommend you create the .htaccess files to secure your
installation from unsavoury access.
Regards
Michael L Griffin
He who play in root,
eventually kill tree.
On 27 April 2011 12:42,
No, I disagree. Why do I need an .htaccess?
All files are either 644 or 400, and all dirs are either 700 or 755 where
applicable.
All files owned by root.
Please elaborate?
On 04/27/2011 08:01 PM, Michael wrote:
Hi
I strongly recommend you create the .htaccess files to secure your
For example for PHP settings, as these can be adjusted for Roundcube in the
.htaccess.
If you have a dedicated server for Roundcube then you could also set it all
in your php.ini.
What about the log dirs? They must be writable by the web server or do you
use syslog?
(sorry jkl for sending this