Bookmarks

Yahoo Gmail Google Facebook Delicious Twitter Reddit Stumpleupon Myspace Digg

Search queries

bind-address mysql multiple, sanibleone xxxx, ftp://192.168.100.100/, www.xxxcon, which comes first ob_start or session, wwwxxx/58/2010, xxxxdup, xxxxdup, mailx informatii, should producers of software-based services, such as atms, be held liable for economic injuries suffered when their systems fail?

Links

XODOX
Impressum

#1: mod_dav - practical use

Posted on 2010-10-08 15:35:00 by Hajo Locke

Hello List,

a question to mod_dav. Some providers offer mod_dav to edit files which are
also editable/writeable by ftp-user?
In most cases ftp-users/apacheuser are different to avoid security problems.
Whats the trick to make this possible without security risk?
could imagine a special user/group setup but all my solutions result in
securityproblems by to much readability.

Thanks,
Hajo


------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Report this message

#2: Re: mod_dav - practical use

Posted on 2010-10-08 17:28:27 by i.galic

----- "Hajo Locke" <hajo.locke@gmx.de> wrote:

> Hello List,
>=20
> a question to mod_dav. Some providers offer mod_dav to edit files
> which are=20
> also editable/writeable by ftp-user?
> In most cases ftp-users/apacheuser are different to avoid security
> problems.=20
> Whats the trick to make this possible without security risk?

It's not so much a trick.. You reverse-proxy DAV (write) requests to a
back-end which is running on an unprivileged port, as an unprivileged
user, who has the permission to do writes on the FS.

> could imagine a special user/group setup but all my solutions result
> in=20
> securityproblems by to much readability.
>=20
> Thanks,
> Hajo=20
>=20

bye,
i

--=20
Igor GaliÃÂ

Tel: +43 (0) 664 886 22 883
Mail: i.galic@brainsware.org
URL: http://brainsware.org/

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Report this message