Apache question
Brian Densmore
DensmoreB at ctbsonline.com
Wed Apr 7 19:23:58 CDT 2004
okay, I installed phpGedView (family tree display program) on my webserver
(rather than reinvent the wheel). I discovered a security issue though.
Although I can set the security to not show personal information
in my family tree, it allows persons to view the directory where
the gedcom files are stored and also it's own generated index of the
gedcom file. This allows users to open up and download private
information. So I changed the http.conf file and also added a
.htaccess file that denies all access to the directory.
My question is: would this have any impact on a server side php script
trying to access data in that directory? And if so how can I accomplish
securing the files in the directory and still allowing the program to work?
Brian
"Three OS's from corporate-kings in their towers of glass,
Seven from valley-lords where orchards used to grow,
Nine from dotcoms doomed to die,
one from the dark lord Gates on his dark throne
In the Land of Redmond where the Shadows lie.
one OS to rule them all, one OS to find them,
one OS to bring them all and in the darkness bind them,
In the Land of Redmond where the Shadows lie." john thrum
More information about the Kclug
mailing list