On Mon, Jul 16, 2012 at 10:50 PM, Jason Thomas <[email protected]> wrote:

> Hi Chris,
>
> You can sort the security issue by requiring the user to delete the install
> script after they complete the install, and making it so the application
> can't be accessed until this is done.
>
So perhaps a setuid script which also changes the perms and ensures the
web server cannot write to itself?  I.e. something like:

system('tools/secure_installation.pl'); where secure_installation.pl is
setuid to root?  That could tighten up file permissions, etc.  The
installation script could also just refuse to run if the ledgersmb.conf is
present.

Best Wishes,
Chris Travers
_______________________________________________
Ledger-smb-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/ledger-smb-devel
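
The two checks proposed in this message (refuse to run once ledgersmb.conf exists, and confirm the web server cannot write to the installation), sketched in Perl as an added example that is not part of the original post and not LedgerSMB code. The location of ledgersmb.conf at the tree root, the file names in the demo tree, and the uid/gid 64999 standing in for the web server account are assumptions.

```perl
#!/usr/bin/perl
# Added example; not LedgerSMB code. Tree layout and uid/gid are assumptions.
use strict;
use warnings;
use File::Find;
use File::Temp qw(tempdir);

# The installer may run only while ledgersmb.conf does not exist yet.
sub installer_allowed {
    my ($root) = @_;
    return !-e "$root/ledgersmb.conf";
}

# List paths under $root that a process with $uid/@gids could write to,
# judged by owner/group/other mode bits (ACLs are not considered).
sub writable_by {
    my ($root, $uid, @gids) = @_;
    my %in_group = map { $_ => 1 } @gids;
    my @hits;
    find({ no_chdir => 1, wanted => sub {
        my @st = lstat($_) or return;
        return if -l _;    # a symlink's own mode bits carry no meaning
        my ($mode, $fuid, $fgid) = @st[2, 4, 5];
        my $w = $fuid == $uid    ? $mode & 0200
              : $in_group{$fgid} ? $mode & 0020
              :                    $mode & 0002;
        push @hits, $_ if $w;
    }}, $root);
    return sort @hits;
}

# Constructed demo tree; 64999 stands in for the web server's uid and gid.
my $root = tempdir(CLEANUP => 1);
for my $f (['install.pl', 0666], ['LedgerSMB.pm', 0644]) {
    open(my $fh, '>', "$root/$f->[0]") or die "create $f->[0]: $!";
    close $fh;
    chmod $f->[1], "$root/$f->[0]" or die "chmod $f->[0]: $!";
}
print "installer allowed: ", (installer_allowed($root) ? "yes" : "no"), "\n";
print "web-writable: $_\n" for writable_by($root, 64999, 64999);

# After tightening permissions and writing the config, both checks are clean.
chmod 0644, "$root/install.pl" or die "chmod: $!";
open(my $conf, '>', "$root/ledgersmb.conf") or die "create conf: $!";
close $conf;
chmod 0640, "$root/ledgersmb.conf" or die "chmod: $!";
print "installer allowed: ", (installer_allowed($root) ? "yes" : "no"), "\n";
print "web-writable after fix: ", scalar(() = writable_by($root, 64999, 64999)), "\n";
```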