[horde] horde interapplication conflicts

Rich Lafferty rich at horde.org
Sun Feb 18 09:03:49 PST 2001


On Sun, Feb 18, 2001 at 10:52:19AM +0100, Nico Galoppo (scratch at ace.ulyssis.org) wrote:
> 
> > It's not clear to me what benefit you gain from doing all this include
> > stuff?  Just put the horde tree under htdocs.
> 
> Are you sure that it's safe to put all the horde code in a publically
> accessible webdir, security-wise?

Well, it's all *intended* to be executed. Anything that executes *and*
does something needs the user to be logged in; anything that just
loads up a bunch of variables or functions can happily do so then exit
without any side effects at all.

(Since you tell your webserver to hand ".php" files to the PHP
interpreter, it's not like they'll be displayed or anything.)

  -Rich

-- 
------------------------------ Rich Lafferty ---------------------------
 Sysadmin/Programmer, Instructional and Information Technology Services
   Concordia University, Montreal, QC                 (514) 848-7625
------------------------- rich at alcor.concordia.ca ----------------------




More information about the horde mailing list