| Pages: [1] |
|
|
 Author |
Topic: Security question (Read 1158 times) |
|
kezing
Posts: 2
|
I have a working snippetmaster at my site. I changes permission for all nercassary files so everything works fine.
Since I dont like open up all files e.g the ones I have adjusted for snippetmaster, for user "nobody" = others, I have tried to followin aproach.
In the file/files I want to use snippetmaster, I have removed all code/text between snippet-tags and put them in a separate file. In the original file I instead use the include statement.
I tried this and it works fine.
My intention was to put all "include-files" in a seperate directory which I then give the appropiate permission and leaving the rest of my files/site with limited rights.
But have I really gained any more security this way?
|
|
|
|
|
admin
Forum Administrator
Posts: 2722
SnippetMaster Author
|
What you have done is the "method 2" for SnippetMaster installation: http://www.snippetmaster.com/install.html
I wouldn't say it's any more secure, except that the only thing public is the actual code snippets, instead of the whole page.
Unfortunately, there's absolutely no way to have a script access your user files unless:
1. The script is running as your user. (Your web host may be able to make this work using something called "suexec".)
2. The file has read/write permissions for whatever user is running the scripts for your website. Typically, this is a user called "nobody" or "web".. and is part of the "public" group. This is why you have to give permissions of 777.
Hope that helps to at least explain what is going on..
Cheers!
|
|
|
|
|
|
|
Pages: [1]
|
|
|
|
Logged