[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] RE: SSI Vuln on cobalt
- Subject: Re: [cobalt-security] RE: SSI Vuln on cobalt
- From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
- Date: Mon, 22 Apr 2002 09:18:51 -0700
- Organization: nobaloney.net
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Brett Wright wrote:
> Thats quite a nice way of doing it, but that still doesnt stop users from
> uploading htaccess.txt and then renaming it on the server using there FTP
> client.
>
> It looks almost impossible to stop users doing this, basically it gives
> them the same access as what shell would.
Easy way, as I mentioned in an earlier reply, install a root-owned
.htaccess file in the /web folder. Then your site-admin won't be able
to upload one.
Jeff
--
Jeff Lasman <jblists@xxxxxxxxxxxxx>
Linux and Cobalt/Sun/RaQ Consulting
nobaloney.net
P. O. Box 52672, Riverside, CA 92517
voice: (909) 778-9980 * fax: (702) 548-9484