mirror of
https://github.com/EGroupware/egroupware.git
synced 2025-06-21 02:18:28 +02:00
Note about files/* and security (or lack therof)
This commit is contained in:
parent
9f0d7b8aa8
commit
2b633e055b
11
doc/SECURITY
11
doc/SECURITY
@ -10,9 +10,18 @@ program. I do not like keeping passwords in any medium that is not encryped.
|
|||||||
|
|
||||||
The email system stores its file attachments in a temp directory. For right
|
The email system stores its file attachments in a temp directory. For right
|
||||||
now, you need to watch this directory because it can fill up very quickly.
|
now, you need to watch this directory because it can fill up very quickly.
|
||||||
If a user does not finsh composing the message (going else where in the program, internet connection dieing, browser crash, etc) the file will sit there until
|
If a user does not finsh composing the message (going else where in the program,
|
||||||
|
internet connection dieing, browser crash, etc) the file will sit there until
|
||||||
it is deleted. There will be a simple cron program to go through and clean
|
it is deleted. There will be a simple cron program to go through and clean
|
||||||
things up.
|
things up.
|
||||||
|
|
||||||
|
The files/users and files/groups directories need to be writable by the UID
|
||||||
|
that php runs under (nobody or your apache UID). This is a security risk
|
||||||
|
if 3rd parties can place php or cgi scripts on your machine, because they
|
||||||
|
will have full read/write access to those directories.
|
||||||
|
You should also consider moving the files directory outside of the
|
||||||
|
tree your webserver has access to to prevent websurfers from directly accessing
|
||||||
|
the files, or add in .htaccess files to restrict access to that tree.
|
||||||
|
|
||||||
Besides this, there is nothing else that I am aware of. Let me know if you
|
Besides this, there is nothing else that I am aware of. Let me know if you
|
||||||
find anything.
|
find anything.
|
||||||
|
Loading…
x
Reference in New Issue
Block a user