httpd-wiki-changes mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache Wiki <wikidi...@apache.org>
Subject [Httpd Wiki] Update of "FileSystemSecurity" by thumbs
Date Fri, 30 Jul 2010 16:14:04 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification.

The "FileSystemSecurity" page has been changed by thumbs.
http://wiki.apache.org/httpd/FileSystemSecurity?action=diff&rev1=3&rev2=4

--------------------------------------------------

  
  In many cases, writable directories are not strictly necessary even though the web app might
like them: rather than upload plugins (which contain code that gets executed or interpreted,
yech!) through the web browser, upload them through ssh and manually unpack them on the server.
 The CMS Joomla! likes to write its configuration file to the Document Root on initial install
(which promptly becomes a popular attack target) but if it can't write to the Document Root,
it will output the config to the browser to the user can manually upload it.
  
+ (Credits to Sander Temme for elaborating on this subject in a much more concise fashion
than I could have achieved)
+ 

Mime
View raw message