[horde] horde interapplication conflicts
Rich Lafferty
rich at horde.org
Sun Feb 18 14:22:31 PST 2001
On Sun, Feb 18, 2001 at 09:21:19PM +0100, Nico Galoppo (scratch at ace.ulyssis.org) wrote:
>
> > > Are you sure that it's safe to put all the horde code in a publically
> > > accessible webdir, security-wise?
> >
> > Well, it's all *intended* to be executed. Anything that executes *and*
> > does something needs the user to be logged in; anything that just
> > loads up a bunch of variables or functions can happily do so then exit
> > without any side effects at all.
> >
> > (Since you tell your webserver to hand ".php" files to the PHP
> > interpreter, it's not like they'll be displayed or anything.)
>
> True, but then there's the ".inc" files. I'm playing the devil's
> advocate here. Ofcourse you could tell the webserver not to show
> them,
Yes, that's the idea, since at least one will have your database
authentication information in it.
> and/or never put any confidential stuff in there, but I prefer the
> approach of putting everything that's code outside the public tree as a
> general rule.
I don't understand -- all of Horde and IMP, graphics notwithstanding,
are code. That's the idea behind PHP.
-Rich
--
------------------------------ Rich Lafferty ---------------------------
Sysadmin/Programmer, Instructional and Information Technology Services
Concordia University, Montreal, QC (514) 848-7625
------------------------- rich at alcor.concordia.ca ----------------------
More information about the horde
mailing list