[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Phpgroupware-tracker] [ 100420 ] filemanager directory security
|
From: |
nobody |
|
Subject: |
[Phpgroupware-tracker] [ 100420 ] filemanager directory security |
|
Date: |
Tue, 12 Feb 2002 05:55:05 -0500 |
Support Request #100420, was updated on 2002-Feb-12 10:55
You can respond by visiting:
http://savannah.gnu.org/support/?func=detailsupport&support_id=100420&group_id=509
Category: Question
Status: Open
Priority: 5
Summary: filemanager directory security
By: phunqe
Date: 2002-Feb-12 10:55
Message:
Logged In: YES
user_id=5009
Browser: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; Q312461)
Hello,
I'm not sure whether I'm confused about this, or if it
really should be this way. For example; if you have a
phpgroupware site called
http://www.mysite.com/phpgroupware and a user called
smith, then you can go to his files directly via
http://www.mysite.com/phpgroupware/files/smith without
logging in (you can turn off dir browsing in your ww
server, but if you know the filename it doesn't
matter), without any security measures at all. I know
this security "responsibility" lays with the www
server, but it seems wierd. Why are the files stored
in a directory accessible directly via the www server,
and not in any other place where you only can access
them via the filemanager module when you are actually
logged in?
Cheers,
Stefan
----------------------------------------------------------------------
You can respond by visiting:
http://savannah.gnu.org/support/?func=detailsupport&support_id=100420&group_id=509
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Phpgroupware-tracker] [ 100420 ] filemanager directory security,
nobody <=