On Sun, 6 Jan 2008, Martin Fick wrote:
--- [EMAIL PROTECTED] wrote:
I think there's also a threat situation where
non-root users on the server
can read files in wiki.d/, e.g. 'apache'. In this
case, having the files
encrypted could help, although key management is
still a problem.
Sure, but I would just classify that as the same
threat (or maybe less of) as #2:
2) who can sniff your ftp password and therefor even
access the files once they are on the server (sounds
like yes also?)
A local use might be even less of a threat than someone who has your ftp
password. The local user can likely only see files that you give world
readable permissions to, the ftp user can see everything you can see.
I see. In my case, I don't use ftp, but there are other users on the
machine and the wiki.d/-pages are generally world readable. Not sure why
though... maybe it's the default? Patrick?
/Christian
--
Christian Ridderström, +46-8-768 39 44 http://www.md.kth.se/~chr
_______________________________________________
pmwiki-devel mailing list
[email protected]
http://www.pmichaud.com/mailman/listinfo/pmwiki-devel
