One thing to add...
all users on linux.com.sg can view the passwords of admins,etc..
Ur directories can be "cd"ed to and listed and files viewed.
Elvin
-
On Mon, 11 Oct 1999, Caleb wrote:
> Date: Mon, 11 Oct 1999 18:13:02 +0800
> From: Caleb <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: Re: [SLP] Re: Ultimate Bulletin Board Ready
>
> I'm not too sure with CGI-Wrap, can somebody help with this?
> ----- Original Message -----
> From: Alf <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, October 11, 1999 11:04 AM
> Subject: Re: [SLP] Re: Ultimate Bulletin Board Ready
>
>
> > Yo !
> >
> > > > UBB was quite sloppily written and requires patching and constant
> > > > monitoring. CGI-Wrapping and 750 solves the problem usually.
> > > Can you advise us on the patching required and the kind of
> > > constant monitoring?
> > 1. Modify the password to be saved to be crypt(x,y)
> > 2. Move the Members directory out of CGI. (create an outside
> > directory to store the members files in)
> > 3. Move all controlpanel.html out of the normal CGI directory)
> > 4. Install CGI-wrap
> > 5. Remove 777 and 755s.. 700 should be enuf since it's running as
> > owners
> > 6. Monitor via grepping of admin CGIs.
> > 7. Backups
> > 8. Quite a few more i'll to remember and post here...
> >
> >
> > Elvin
> > -
> >
> >
>
