[isf-wifidog] Paths in WiFiDog auth server
pjf at cape.com
Lun 30 Jan 01:36:39 EST 2006
And the database can be protected (mostly) by explicitly allowing
connections from ONLY the wifidog-auth servers IP(s), and of course some
maintainence workstation IPs too
On Mon, 2006-01-30 at 01:15 -0500, Benoit Grégoire wrote:
> On January 30, 2006 12:09 am, Max Horváth wrote:
> > - gpg control packet
> > Pete Flaherty wrote:
> > > Max,
> > > Remember some of us run Wifidog Auth in a chrooted jail
> > > environment, so anything that is wifidog/ (aka public_html) needs
> > > to stay below that structure or we berak things
> > >
> > > -Pete Flaherty
> > Pete,
> > I remember that. And this is the best way to run the auth server. ;)
> > But you can configure the chrooted Apache to include those folders.
> > You just have to start at / - not /wifidog.
> True, but that needs explicit modification to apache configuration for every
> installation of wifidog. Furthermore it's a new class of path problems to
> detect and deal with. Finally, it makes running wifidog from the
> subdirectory of an existing vhost really annoying (the path above
> you /wifidog will actually point to another directory, so you'll have to
> explicitely add it to your PHP path in the apache config file).
> > I think it's important to get some folders out of "public_html" -
> > it's for the survey of files and for files that just don't belong to
> > the "public world" ;) ...
> > Please prove me if I'm wrong :) ...
> Well, the content of class and include files can't be listed unless you have a
> really broken configuration, so I'd say the risk is pretty minimal. In any
> case the only sensitive file is the config file (it will always contain the
> username and password of the database).
> WiFiDog mailing list
> WiFiDog at listes.ilesansfil.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the WiFiDog