[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Phpgroupware-tracker] [ 100420 ] filemanager directory security

From: nobody
Subject: [Phpgroupware-tracker] [ 100420 ] filemanager directory security
Date: Tue, 12 Feb 2002 05:55:05 -0500

Support Request #100420, was updated on 2002-Feb-12 10:55
You can respond by visiting:

Category: Question
Status: Open
Priority: 5
Summary: filemanager directory security

By: phunqe
Date: 2002-Feb-12 10:55

Logged In: YES 
Browser: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; Q312461)


I'm not sure whether I'm confused about this, or if it 
really should be this way. For example; if you have a 
phpgroupware site called and a user called 
smith, then you can go to his files directly via without 
logging in (you can turn off dir browsing in your ww 
server, but if you know the filename it doesn't 
matter), without any security measures at all. I know 
this security "responsibility" lays with the www 
server, but it seems wierd. Why are the files stored 
in a directory accessible directly via the www server, 
and not in any other place where you only can access 
them via the filemanager module when you are actually 
logged in?


You can respond by visiting:

reply via email to

[Prev in Thread] Current Thread [Next in Thread]