[horde] horde interapplication conflicts

Nico Galoppo scratch at ace.ulyssis.org
Sun Feb 18 12:21:19 PST 2001


--* Rich Lafferty (Sun, Feb 18, 2001 at 12:03:49PM -0500) *--

> > Are you sure that it's safe to put all the horde code in a publicly
> > accessible webdir, security-wise?
> 
> Well, it's all *intended* to be executed. Anything that executes *and*
> does something needs the user to be logged in; anything that just
> loads up a bunch of variables or functions can happily do so then exit
> without any side effects at all.
> 
> (Since you tell your webserver to hand ".php" files to the PHP
> interpreter, it's not like they'll be displayed or anything.)

True, but then there's the ".inc" files. I'm playing the devil's
advocate here. Of course you could tell the webserver not to show them,
and/or never put any confidential stuff in there, but I prefer the
approach of putting everything that's code outside the public tree as a
general rule. Then you're less prone to human error, I guess.

--nico

--
nico galoppo   -   tremelo/leuven, belgium
               -   erasmus/socrates student in grenoble, france
---------------------------------------------------------------
[bash]:~$ man woman                 nico at crossbar dot net
No manual entry for woman           debian linux :: vim powered