Re: secure way for users webpage uploads
On Mon, Jul 17, 2000 at 09:55:07AM -0500, John F. Davis wrote:
> What is the most secure way for users to update their webpages?
> Currently, I only allow scp and not ftp. However, scp doesn't allow
> users to delete old files.
This isn't the best way I'm sure, but it would be secure. Write a cgi
script running on an apache-ssl with mod_auth_system and do PUT uploads in
the users respective public_html directory, so you even do not need to
give a shell to these users. Just create some kind of file browser for
their public_html directory (of course that script should be audited), so
users can mv and delete files.
Alexander Reelsen http://joker.rhwd.de
email@example.com GnuPG: pub 1024D/F0D7313C sub 2048g/6AA2EDDB
firstname.lastname@example.org 7D44 F4E3 1993 FDDF 552E 7C88 EE9C CBD1 F0D7 313C
Securing Debian: http://joker.rhwd.de/doc/Securing-Debian-HOWTO