[horde] horde interapplication conflicts

Nico Galoppo scratch at ace.ulyssis.org
Sun Feb 18 12:21:19 PST 2001

--* Rich Lafferty (Sun, Feb 18, 2001 at 12:03:49PM -0500) *--

> > Are you sure that it's safe to put all the horde code in a publically
> > accessible webdir, security-wise?
> Well, it's all *intended* to be executed. Anything that executes *and*
> does something needs the user to be logged in; anything that just
> loads up a bunch of variables or functions can happily do so then exit
> without any side effects at all.
> (Since you tell your webserver to hand ".php" files to the PHP
> interpreter, it's not like they'll be displayed or anything.)

True, but then there's the ".inc" files. I'm playing the devil's
advocate here. Ofcourse you could tell the webserver not to show them,
and/or never put any confidential stuff in there, but I prefer the
approach of putting everything that's code outside the public tree as a
general rule. Then you're less prone to human error I guess.


nico galoppo   -   tremelo/leuven, belgium
               -   erasmus/socrates student in grenoble, france
[bash]:~$ man woman                 nico at crossbar dot net
No manual entry for woman           debian linux :: vim powered

More information about the horde mailing list