[isf-wifidog] Paths in WiFiDog auth server

[Max Horváth]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Benoit Grégoire wrote :

> On January 30, 2006 12:09 am, Max Horváth wrote:
>
>> - gpg control packet
>>
>> Pete Flaherty wrote:
>>
>>> Max,
>>> Remember some of us run Wifidog Auth in a chrooted jail
>>> environment, so anything that is wifidog/ (aka public_html) needs
>>> to stay below that structure or we berak things
>>>
>>> -Pete Flaherty
>>>
>>
>> Pete,
>>
>> I remember that. And this is the best way to run the auth server. ;)
>>
>> But you can configure the chrooted Apache to include those folders.
>> You just have to start at / - not /wifidog.
>>
>
> True, but that needs explicit modification to apache configuration  
> for every
> installation of wifidog.  Furthermore it's a new class of path  
> problems to
> detect and deal with.  Finally, it makes running wifidog from the
> subdirectory of an existing vhost really annoying (the path above
> you /wifidog will actually point to another directory, so you'll  
> have to
> explicitely add it to your PHP path in the apache config file).
>
>
>> I think it's important to get some folders out of "public_html" -
>> it's for the survey of files and for files that just don't belong to
>> the "public world" ;) ...
>>
>> Please prove me if I'm wrong :) ...
>>
>
> Well, the content of class and include files can't be listed unless  
> you have a
> really broken configuration, so I'd say the risk is pretty  
> minimal.   In any
> case the only sensitive file is the config file (it will always  
> contain the
> username and password of the database).
>

Well, I see it'll be kinda like running against walls for me ;) ...

So what about adding .htaccess files to the folders that don't  
contain any files to be read by the public?

Cheers, Max!


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFD3bXK+BKgC+eQ3ooRAklaAJ0WpMEWLGlqpxSHd/Dwbv+n5LMwQgCgkr/0
IQTZurq2AbdPmORRWOJaeNg=
=KmPn
-----END PGP SIGNATURE-----