<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/3.6.2">
</HEAD>
<BODY>
And the database can be protected (mostly) by explicitly allowing connections from ONLY the wifidog-auth servers IP(s), and of course some maintainence workstation IPs too<BR>
<BR>
-Pete Flaherty<BR>
<BR>
On Mon, 2006-01-30 at 01:15 -0500, Benoit Grégoire wrote:
<BLOCKQUOTE TYPE=CITE>
<PRE>
<FONT COLOR="#000000">On January 30, 2006 12:09 am, Max Horváth wrote:</FONT>
<FONT COLOR="#000000">> - gpg control packet</FONT>
<FONT COLOR="#000000">></FONT>
<FONT COLOR="#000000">> Pete Flaherty wrote:</FONT>
<FONT COLOR="#000000">> > Max,</FONT>
<FONT COLOR="#000000">> > Remember some of us run Wifidog Auth in a chrooted jail</FONT>
<FONT COLOR="#000000">> > environment, so anything that is wifidog/ (aka public_html) needs</FONT>
<FONT COLOR="#000000">> > to stay below that structure or we berak things</FONT>
<FONT COLOR="#000000">> ></FONT>
<FONT COLOR="#000000">> > -Pete Flaherty</FONT>
<FONT COLOR="#000000">></FONT>
<FONT COLOR="#000000">> Pete,</FONT>
<FONT COLOR="#000000">></FONT>
<FONT COLOR="#000000">> I remember that. And this is the best way to run the auth server. ;)</FONT>
<FONT COLOR="#000000">></FONT>
<FONT COLOR="#000000">> But you can configure the chrooted Apache to include those folders.</FONT>
<FONT COLOR="#000000">> You just have to start at / - not /wifidog.</FONT>
<FONT COLOR="#000000">True, but that needs explicit modification to apache configuration for every </FONT>
<FONT COLOR="#000000">installation of wifidog. Furthermore it's a new class of path problems to </FONT>
<FONT COLOR="#000000">detect and deal with. Finally, it makes running wifidog from the </FONT>
<FONT COLOR="#000000">subdirectory of an existing vhost really annoying (the path above </FONT>
<FONT COLOR="#000000">you /wifidog will actually point to another directory, so you'll have to </FONT>
<FONT COLOR="#000000">explicitely add it to your PHP path in the apache config file).</FONT>
<FONT COLOR="#000000">> I think it's important to get some folders out of "public_html" -</FONT>
<FONT COLOR="#000000">> it's for the survey of files and for files that just don't belong to</FONT>
<FONT COLOR="#000000">> the "public world" ;) ...</FONT>
<FONT COLOR="#000000">></FONT>
<FONT COLOR="#000000">> Please prove me if I'm wrong :) ...</FONT>
<FONT COLOR="#000000">Well, the content of class and include files can't be listed unless you have a </FONT>
<FONT COLOR="#000000">really broken configuration, so I'd say the risk is pretty minimal. In any </FONT>
<FONT COLOR="#000000">case the only sensitive file is the config file (it will always contain the </FONT>
<FONT COLOR="#000000">username and password of the database).</FONT>
<FONT COLOR="#000000">_______________________________________________</FONT>
<FONT COLOR="#000000">WiFiDog mailing list</FONT>
<FONT COLOR="#000000"><A HREF="mailto:WiFiDog@listes.ilesansfil.org">WiFiDog@listes.ilesansfil.org</A></FONT>
<FONT COLOR="#000000"><A HREF="http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog">http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog</A></FONT>
</PRE>
</BLOCKQUOTE>
</BODY>
</HTML>