Loyd Goodbar <[EMAIL PROTECTED]> said: 

> Does Midgard have any security issues (other than the administration
> interface)? Can the knowledge that I use Midgard to generate a website be
> used to break said site? What about using PHP to "break into" Midgard?
> 
> I'm not complaining, Midgard is quite an achievement, esp 1.4 with all the
> new stuff! However, I have not heard anything pro or con regarding site
> security from the outside world. Are there any tips for securing a
> Midgard'ed website?
> 
> Thanks!
> Loyd

I guess there is a small document for general advice..

from my recollection... of a few other general php/db stuff..

1. add php3_base_opendir to the a directory so any php code executed can only
   access a certain location.
   (note with our layered admin, the sysadmin domain should have access to /tmp
   and /var/cvs so it needs overriding for the admin interface)
2. change the default database username/passwords..
3. do not put passwords into the SG0 midgard code? and maybe other Sitegroups.

any other ideas???

regards

alan




> --
> Loyd Goodbar
> [EMAIL PROTECTED]  ICQ#504581
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
> 
> 



-- 
Technical Director
Linux Center (HK) Ltd.
www.hklc.com
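
An added example, not part of the original message or of Midgard's own configuration: one way to express tip 1 in Apache, assuming the setting meant is PHP's `open_basedir` restriction and using the PHP 4 `php_admin_value` syntax. The host names and the document root are hypothetical; `/tmp` and `/var/cvs` are the two locations the message says the admin interface needs.

```apache
# Public site: PHP file functions are confined to the site's own tree.
# ServerName and DocumentRoot below are hypothetical.
<VirtualHost *:80>
    ServerName www.example.com
    DocumentRoot /var/www/site

    # php_admin_value cannot be overridden from .htaccess or ini_set(),
    # so code running on this host cannot widen the restriction itself.
    # The trailing slash matters: without it the value is a prefix match,
    # and "/var/www/site" would also permit "/var/www/site-backup".
    php_admin_value open_basedir "/var/www/site/"
</VirtualHost>

# Admin interface: a separate host with its own, wider list, overriding
# the restriction only where the extra locations are actually needed.
<VirtualHost *:80>
    ServerName admin.example.com
    DocumentRoot /var/www/site

    # Colon-separated list on Unix; each entry ends in a slash so that it
    # names a directory rather than a path prefix.
    php_admin_value open_basedir "/var/www/site/:/tmp/:/var/cvs/"
</VirtualHost>
```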


