[pmwiki-users] OpenOffice.org file uploads

Algis Kabaila akabaila at pcug.org.au
Tue Nov 14 05:54:48 CST 2006


On Tuesday 14 November 2006 12:31, H. Fox wrote:
> On 11/13/06, Robin Sheat <robin at kallisti.net.nz> wrote:
> > On Tuesday 14 November 2006 12:56, Algis Kabaila wrote:
> > > server (how else would one run "Mailman"?), IMHO security based on file
> > > extensions is very weak indeed - almost meaningless.  Why? Python will
> > > run "scripts" (programs) without any extensions of their name.  This is
> > > a problem for security, is it not?
> >
> > I'd expect not. While Python (and Perl, and PHP) can run files without a
> > particular extension, when part of a website, it's Apache that decides
> > who gets to run it. And typically (as I understand it), it gives it to
> > PHP if it's a .php file, Perl if it's a .pl file, and so on.
>
> Put another way, the file extensions are "MIME-type extensions".  The
> server uses them to determine the type of content the file contains.
>
>    http://httpd.apache.org/docs/1.3/mod/mod_mime.html#addtype
>    http://httpd.apache.org/docs/2.0/mod/mod_mime.html#addtype
>
> The reason this line
>
>    AddType text/plain phtml pht php phps php3 php3p php4 pl pm py
>
> is in the .htaccess file of your uploads/ directory is to cause the
> server to deliver files with those extensions to the browser as
> plain text from that directory (and directories below it).
>
> Hagan

Thanks for the further reassurance.  It is nearly 2300 hrs here - bed time for 
old people.  As soon as I finish a little Python script, I will hit the sack 
reassured!

OldAl.

-- 
Algis Kabaila (Dr)
akabaila[at]pcug[dot]org[dot]au
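
Added example, not part of the original thread: a small Python audit of the uploads/.htaccess `AddType text/plain` line quoted above. It reports which script extensions the line does not cover and flags uploaded file names carrying one; the `SCRIPT_EXTS` set (including `cgi`) and the sample file names are assumptions made for illustration.

```python
import os

# Assumption: extensions this server could hand to an interpreter; adjust per site.
SCRIPT_EXTS = {"phtml", "pht", "php", "phps", "php3", "php3p", "php4",
               "pl", "pm", "py", "cgi"}

# Constructed sample: an uploads/.htaccess holding the line quoted in the thread.
SAMPLE_HTACCESS = """\
# uploads/.htaccess
AddType text/plain phtml pht php phps php3 php3p php4 pl pm py
"""

def plain_text_exts(htaccess_text):
    """Return the set of extensions that AddType maps to text/plain."""
    exts = set()
    for line in htaccess_text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment line
        if (len(parts) >= 3 and parts[0].lower() == "addtype"
                and parts[1].lower() == "text/plain"):
            # mod_mime extensions are case-insensitive, leading dot optional
            exts.update(p.lstrip(".").lower() for p in parts[2:])
    return exts

def uncovered_script_exts(htaccess_text, script_exts=SCRIPT_EXTS):
    """Script extensions the .htaccess does not force to text/plain."""
    return sorted(set(script_exts) - plain_text_exts(htaccess_text))

def risky_uploads(filenames, htaccess_text, script_exts=SCRIPT_EXTS):
    """Flag uploads whose name carries an uncovered script extension.

    mod_mime looks at every extension of a file name, so each
    dot-separated part after the base name is checked, not only the last.
    """
    covered = plain_text_exts(htaccess_text)
    flagged = []
    for name in filenames:
        exts = [e.lower() for e in os.path.basename(name).split(".")[1:]]
        bad = [e for e in exts if e in script_exts and e not in covered]
        if bad:
            flagged.append((name, bad))
    return flagged

if __name__ == "__main__":
    uploads = ["report.odt", "notes.py", "tool.cgi", "Setup.CGI.txt"]  # constructed
    print("not covered:", uncovered_script_exts(SAMPLE_HTACCESS))
    for name, bad in risky_uploads(uploads, SAMPLE_HTACCESS):
        print("review:", name, bad)
```
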