[pmwiki-users] Re: wiki farm vs individual programs
Neil Herber
nospam at eton.ca
Fri Jun 3 12:08:37 CDT 2005
At 2005-06-03 11:52 AM -0500, Jon Haupt is rumored to have said:
>I think I like this better than just preventing access to pmwiki.php
>because as I said before I could still browse to the pmwiki root directory
>and look around or run scripts, etc.
Jon
As long as all of the scripts conform to the PmWiki "standard" they can
only be executed by PmWiki. Each one starts (or should start) with:
<?php if (!defined('PmWiki')) exit();
As long as directory indexing is disabled for the farm directory, intruders
will have to guess at file names (pretty easy for PmWiki scripts). You are
welcome to tromp about in my non-servable farm to see if it lets you do
anything you wouldn't want to have happen on your system. Let me know if
you find any holes!
http://all.eton.ca/pmwiki/
This directory contains a full version of PmWiki 2.0b37. I suspect that the
only thing you will be able to see will be things like:
http://all.eton.ca/pmwiki/scripts/intermap.txt
http://all.eton.ca/pmwiki/copying
and the CSS files in /pub.
Neil
Neil Herber
Corporate info at http://www.eton.ca/
Eton Systems, 15 Pinepoint Drive, Nepean, ON, Canada K2H 6B1
Tel: (613) 829-4668
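An added example, not part of the original message or of PmWiki itself: a local audit that lists the .php files in a farm directory that do not open with the `defined('PmWiki')` guard quoted above. The `entry_points` parameter and the sample tree are assumptions made for illustration; entry scripts such as pmwiki.php are expected to define the constant rather than check it.

```python
import re
import tempfile
from pathlib import Path

# Guard quoted in the message: <?php if (!defined('PmWiki')) exit();
# Accepted only as the FIRST statement, so nothing runs before the check.
GUARD = re.compile(
    r"""\A(?:\ufeff)?\s*<\?php\s+if\s*\(\s*!\s*defined\s*\(\s*(['"])PmWiki\1\s*\)\s*\)\s*
        (?:exit|die)\s*(?:\(\s*\))?\s*;""",
    re.VERBOSE,
)

def audit_guards(root, entry_points=("pmwiki.php",)):
    """Return sorted relative paths of .php files that lack the guard.

    entry_points (assumption): scripts meant to be requested directly,
    which define the constant themselves and so carry no guard.
    """
    root = Path(root)
    missing = []
    for path in root.rglob("*.php"):
        rel = path.relative_to(root).as_posix()
        if rel in entry_points:
            continue
        # The guard must sit at the very top, so the first bytes suffice.
        head = path.read_text(encoding="utf-8", errors="replace")[:512]
        if not GUARD.match(head):
            missing.append(rel)
    return sorted(missing)

def build_sample_tree(root):
    """Constructed sample files, not taken from a real PmWiki release."""
    files = {
        "pmwiki.php": "<?php define('PmWiki', 1);\n",
        "scripts/guarded.php": "<?php if (!defined('PmWiki')) exit();\necho 'ok';\n",
        "scripts/late_guard.php": "<?php echo 'runs first';\nif (!defined('PmWiki')) exit();\n",
        "cookbook/unguarded.php": "<?php echo 'no guard';\n",
    }
    for rel, body in files.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body, encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel in audit_guards(tmp):
            print("missing guard:", rel)
```

Files reported here would run their top-level code when requested directly, so they are the ones to fix or to keep out of the web-servable tree.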