Neal Richter wrote:
If you are dilligent enough in verifying input from the user you can
lock-down what the user could enter to the file. You could also have a
process to copy the user/PHP created script to the main htdig.conf file
to further isolate it.
Put PHP's security problems aside, if the file is owned by the user or
nobody (IE the script can write to it) then the user can open it in a
text editor via SSH and change it, so all the hours you'd spend
limiting, checking and hoping you didn't miss any sort of "bad entry"
injection, is all for naught because they have write access to it.
I understand your idea. It's a good idea. I am trying to come up with
a work-alike for you, as it's unlikely that the idea will be implemented
in 3.1.6 or 3.2.bx.
I don't need an interface to edit a config file (which in itself isn't a
bad idea and has been done) I needed to know for sure if:
include: file/they/can/write/to/by/whatever/means.conf
important: they should not be able to change this via their include
then they can put whatver they want in
file/they/can/write/to/by/whatever/means.conf and "important" will
always be "they should not be able to change this via their include"
The other alternative is to set up the defaults.cc file how you want it
and make a custom binary, then the htdig.conf file would only contain
the user overrides you allow. A perl script could validate that only a
discrete set of configs are contained in the file and filter-out others
before passing to htsearch via a command-line switch. htdig -c xxx.conf.
To much work and ways to get around it still :), just:
include: file/they/have/write/access/to.conf
# directives you don't want chanegd here
then you're directives are "safe" and there's zero overhead mainteneance
wise because only I can write to the file described above.
What *would* be a nice addition to htdig is to make it catch include: loops:
in main.conf
include: user.conf
in user.conf
include: main.conf
it'd include user.conf and when it got to the include: user.conf line
throw a warning/log that main.conf is already part of the party and then
ignore it.
That'd be trivial to do and would be extremely handy :)
Thanks for the input though
-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
_______________________________________________
ht://Dig general mailing list: <[email protected]>
ht://Dig FAQ: http://htdig.sourceforge.net/FAQ.html
List information (subscribe/unsubscribe, etc.)
https://lists.sourceforge.net/lists/listinfo/htdig-general
