[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-myserver] ideas about how improve security file

From: Giuseppe Scrivano
Subject: Re: [Bug-myserver] ideas about how improve security file
Date: Mon, 25 Aug 2008 21:46:53 +0200
User-agent: Mozilla-Thunderbird (X11/20080724)

Alexandru IANCU wrote:

> I strongly feel security file needs to contain additional information.
> For example I would like to have an attribute into a specific folder
> telling MS all folder's contains shall be sent via fastcgi to configured
> manager.
> Actually I don't mind having this information elsewhere(not in security
> file, we can cfg a subpath into global cfg files). I think about
> security file as a cfg file where I can cfg something local to that
> folder not necessarly file/user access info. E.g. add mime types (think
> of a user having write access only to it's home web folder).

Yes, this is something we absolutely need.  But imagine this situation:

The security file inside public_html says for example that
cgi_application should be handled like a FastCGI application; but inside
the ..../path/ directory there is another security file.
This file hides the previous one and the cgi_application path is not
handled as a FastCGI application anymore.

How to solve this problem?  We can't look at any security file in the
patch because it will cause conflicts with settings.
In my opinion MIME type should be handled differently, moreover it will
cause security flaws if it is possible to configure something as CGI by
any user and keep the MIME types configuration only in centralized files
(myserver.xml and virtualhosts.xml).
Have the opportunity to define them in the virtualhosts.xml file is
enough I think, in a sane environment this file is accessed only by
administrators then with rights to configure new processes and servers,
like in the case of FastCGI or SCGI.
To make it more generic we can extend the current possibility to have
another MIMEtypes.xml in the system of a vhost.  But this possibility
should be configured in the vhost configuration file on a per host base.

What do you think?


reply via email to

[Prev in Thread] Current Thread [Next in Thread]