Re: [htdig] Security and access for privat websites


Subject: Re: [htdig] Security and access for privat websites
From: Malcolm Austen (malcolm.austen@computing-services.oxford.ac.uk)
Date: Mon May 22 2000 - 04:32:06 PDT


On 22 May 2000, Andreas Vogt wrote:

+ So, how can I protect htsearch from being abused by typing in another
+ config in the URL?

I'm about to tackle exactly this problem. Please feel free to shoot down
my plan which has not yet been implemented 8-) ...

I intend to remove the "other" execute permission on htsearch and force
all searches to go through a perl wrapper script. That wrapper will
detect whether the request is coming from inside/outside our domain and
force restrictions on which config files may be used.

As long as the wrapper script is able to execute htsearch (that's just
another permissions matter) then I haven't yet found a flaw in the plan.

regards,
        Malcolm.

 Malcolm.Austen@OUCS.ox.ac.uk http://users.ox.ac.uk/~malcolm/
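
A sketch of the wrapper plan described in the message above, as an added example that is not code from the original post or from the ht://Dig project. It assumes the client is classified by `REMOTE_ADDR`, that only GET requests are served, and that the real binary sits at a path the web server cannot execute directly; the path, network prefix and config names are hypothetical.

```perl
#!/usr/bin/perl -T
# Added example: CGI wrapper in front of htsearch. Paths, network prefix and
# config names below are assumptions, not values from the original post.
use strict;
use warnings;

my $HTSEARCH = '/usr/local/libexec/htsearch';  # hypothetical; no "other" execute bit
my $INTERNAL = qr/^192\.0\.2\./;               # constructed example network
my %ALLOWED  = (                               # hypothetical config names
    internal => { public => 1, intranet => 1 },
    external => { public => 1 },
);
my $DEFAULT = 'public';

sub refuse {
    my ($status, $msg) = @_;
    print "Status: $status\r\nContent-Type: text/plain\r\n\r\n$msg\n";
    exit 0;
}

sub decode {
    my ($s) = @_;
    $s =~ tr/+/ /;
    $s =~ s/%([0-9A-Fa-f]{2})/chr hex $1/ge;
    return $s;
}

# htsearch reads POST bodies from stdin, which this wrapper does not inspect.
refuse('405 Method Not Allowed', 'GET only')
    unless ($ENV{REQUEST_METHOD} // '') eq 'GET';

# Classify by client address rather than by a reverse-DNS hostname.
my $zone = ($ENV{REMOTE_ADDR} // '') =~ $INTERNAL ? 'internal' : 'external';

# Remove every "config" pair (however it is encoded) and keep the rest.
my (@keep, @asked);
for my $pair (split /[&;]/, $ENV{QUERY_STRING} // '') {
    my ($k, $v) = split /=/, $pair, 2;
    next unless defined $k;
    if (lc decode($k) eq 'config') { push @asked, decode($v // '') }
    else                           { push @keep, $pair }
}
refuse('400 Bad Request', 'config given more than once') if @asked > 1;
my $config = @asked ? $asked[0] : $DEFAULT;
refuse('403 Forbidden', 'config not permitted') unless $ALLOWED{$zone}{$config};

# Hand htsearch a query string whose only config is the approved one.
$ENV{QUERY_STRING} = join '&', "config=$config", @keep;
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
exec { $HTSEARCH } $HTSEARCH or refuse('500 Internal Server Error', 'search unavailable');
```

The config name is checked against a fixed allowlist per zone instead of being filtered for bad characters, so a name the wrapper does not know about is refused whatever it contains.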
