Re: User directory security
From: Isaac To (kkto_at_csis.hku.hk)
Date: 06/11/04
- Next message: Isaac To: "Re: User directory security"
- Previous message: JK: "User directory security"
- In reply to: JK: "User directory security"
- Next in thread: Isaac To: "Re: User directory security"
- Reply: Isaac To: "Re: User directory security"
Date: Fri, 11 Jun 2004 16:18:05 +0800
>>>>> "JK" == JK <jk6ft2-forum@yahoo.com> writes:
JK> Is there any solution to protect this issue? Any comment? Thanks.
It is completely wrong to grant permission because a certain credential is
*lacking*. The whole Unix security scheme does not work that way, and there
will be a never-ending stream of holes that allow users to hide their
credential and "steal" the file. Permissions must be granted because the
accessor *has*, rather than *does not have*, some credential. You might want
to allocate a group for the web server and create a script owned by the web
server that allows users to change their files to this group (without
allowing other users to view them at the same time). This way you can
easily prove to yourselves that the scheme would actually work independent
of what is happening in the other end of the world.
Regards,
Isaac.
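
The helper described in the message above, as an added example that is not part of the original post: a small C program (standing in for the script) that moves one of the caller's own files into the web server group and removes all access for other users. It assumes the binary is installed with enough privilege to change group ownership and that getuid() identifies the invoking user; WEB_GID and the function name are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#define WEB_GID 33 /* hypothetical gid of the web server group */

/* Hand one of the caller's own files to the web server group.
 * Returns 0 on success, -1 on refusal or error. Afterwards the file is
 * readable only by holders of a credential: its owner or web_gid. */
int share_with_web_group(const char *path, uid_t caller, gid_t web_gid)
{
    struct stat st;
    /* O_NOFOLLOW refuses a symlink as the final component. Every later
     * check and change goes through the descriptor, so the path cannot
     * be swapped for another file between the check and the change. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 ||
        !S_ISREG(st.st_mode) ||  /* regular files only */
        st.st_uid != caller) {   /* the caller must own the file */
        close(fd);
        return -1;
    }
    mode_t owner_bits = st.st_mode & S_IRWXU;
    /* 1. owner-only, so neither the old nor the new group gains access
     *    in between; 2. switch the group; 3. grant group read only. */
    int ok = fchmod(fd, owner_bits) == 0 &&
             fchown(fd, (uid_t)-1, web_gid) == 0 &&
             fchmod(fd, owner_bits | S_IRGRP) == 0;
    close(fd);
    return ok ? 0 : -1;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s FILE\n", argv[0]);
        return 2;
    }
    /* Assumption: the real uid is the invoking user (setuid-style install). */
    return share_with_web_group(argv[1], getuid(), WEB_GID) == 0 ? 0 : 1;
}
```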