Darrell May wrote:

> # Administration: phpmyadmin
> Alias /phpmyadmin /opt/administration/phpmyadmin
> <Directory /opt/administration/phpmyadmin>
>     RequireSSL on


So you will only be able to access this using SSL?
How do you allow "dual" access? Like with webmail!

>     Options -Indexes


What does this do?

>     AllowOverride None
>     order deny,allow
>     deny from all
>     allow from all
>     AuthName "phpMyAdmin"
>     AuthType Basic
>     AuthExternal pwauth
>     require user admin


Can you specify a particular user i.e. bfriedman? I assume they have to 
be a user on SME.

>     Satisfy all
>     AddType application/x-httpd-php .php .php3
>     php_flag  magic_quotes_gpc  on
>     php_flag  track_vars        on


I have seen this mentioned in some applications. Some ask to turn it 
off! Just RTFM before, right?

> </Directory>
> 
> Here is an example of forcing SSL and locking access to multiple defined
> user/passwords:
> 
> <Directory /opt/developers>
>     RequireSSL on
>     Options -Indexes
>     AllowOverride None
>     order deny,allow
>     deny from all
>     allow from all
>     AuthName "Restricted Developer Access Only"
>     AuthType Basic
>     AuthUserFile /etc/httpd/conf/htpasswd.developers
>     Require valid-user
>     AddType application/x-httpd-php .php .php3
>     php_flag  magic_quotes_gpc  on
>     php_flag  track_vars        on
> </Directory>


Ok got it!

 
>>3. Directory ownership - Who should be the owner of this directory? www
>>or root:shared? Why?
>>
> 
> The goal is to be restrictive and only permit access where access is
> directly needed.  In this case www:www is not the best choice.  Keep the
> majority of your files set root:root and either 640 or 644 which simply adds
> global read.  Only files that your app MUST write to should be set www:www
> and this is where you need to be careful.


In other words, RTFM for the app. 

Do you want to give global read right?


>>4. Access right? - chmod ? 755 should be ok?
>>
> 
> 7 adds executable and this should be avoided.  It is only necessary for
> binary files and scripts.  However, be careful as directories usually require
> 755 so make sure you do not chmod -R 640 *.  Use the find command to change
> only files.
> 
> # find . -type f -name "*" -exec chmod 640 {} \;


I see this is going to be more complicated than I first thought. What I 
think I will do is write a generic guideline. Rather than a howto, these 
are things that should be in the SME manual!



-- 

Regards
Brandon Friedman
Cell:083 408 7840
E-mail: [EMAIL PROTECTED]
www.bfconsult.co.za

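As an added example (not from this thread and not one of SME Server's own scripts), here is the ownership and permission guideline Darrell describes above carried out with find: directories keep 755, files get 640, and only the one subdirectory the application must write to is handed to the web server user. The sample tree, the "uploads" subdirectory and the www user are assumptions made for the demonstration; chown is skipped when the script is not run as root so it can be tried unprivileged.

```shell
#!/bin/sh
# Added example, not part of the original thread or of SME Server.
# Applies the guideline: files 640 root:root, directories 755, and only
# the directory the app MUST write to owned by the web server user.
set -e

WEB_USER="${WEB_USER:-www}"   # assumed web server account

# harden_tree DIR [WRITABLE_SUBDIR]
# Never "chmod -R 640 *": directories need the execute (search) bit,
# so files and directories are handled by separate find invocations.
harden_tree() {
    dir="$1"
    writable="$2"
    find "$dir" -type d -exec chmod 755 {} \;
    find "$dir" -type f -exec chmod 640 {} \;
    # chown needs root and an existing account; otherwise leave owners alone.
    if [ "$(id -u)" -eq 0 ] && id "$WEB_USER" >/dev/null 2>&1; then
        chown -R root:root "$dir"
        if [ -n "$writable" ]; then
            chown -R "$WEB_USER:$WEB_USER" "$dir/$writable"
        fi
    fi
    if [ -n "$writable" ]; then
        # The writable directory stays closed to "other" users entirely.
        chmod 750 "$dir/$writable"
    fi
}

# mode_of PATH -> octal permission bits (GNU stat first, BSD stat fallback)
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Constructed sample tree for the demonstration; prints its root path.
make_sample() {
    root=$(mktemp -d)
    mkdir -p "$root/app/lib" "$root/app/uploads"
    printf 'x' > "$root/app/index.php"
    printf 'x' > "$root/app/lib/db.php"
    printf 'x' > "$root/app/uploads/keep"
    chmod 777 "$root/app/lib/db.php"   # deliberately too permissive
    echo "$root/app"
}

# Usage when run directly: build the sample tree, harden it, list the modes.
if [ "${1:-}" = "--demo" ]; then
    app=$(make_sample)
    harden_tree "$app" uploads
    for p in "$app/index.php" "$app/lib" "$app/lib/db.php" "$app/uploads"; do
        printf '%s %s\n' "$(mode_of "$p")" "$p"
    done
fi
```

Running the script with `--demo` prints 640 for both PHP files, 755 for lib and 750 for uploads; on a real system run it as root so the root:root and www:www ownership is applied as well.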

--
Please report bugs to [EMAIL PROTECTED]
Please mail [EMAIL PROTECTED] (only) to discuss security issues
Support for registered customers and partners to [EMAIL PROTECTED]
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
