[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: secure way for users webpage uploads

Hi

On Mon, Jul 17, 2000 at 09:55:07AM -0500, John F. Davis wrote:
> What is the most secure way for users to update their webpages?
> 
> Currently, I only allow scp and not ftp.  However, scp doesn't allow
> users to delete old files.  
This isn't the best way I'm sure, but it would be secure. Write a cgi
script running on an apache-ssl with mod_auth_system and do PUT uploads in
the users respective public_html directory, so you even do not need to
give a shell to these users. Just create some kind of file browser for
their public_html directory (of course that script should be audited), so
users can mv and delete files.


MfG/Regards, Alexander

-- 
Alexander Reelsen   http://joker.rhwd.de
ref@linux.com       GnuPG: pub 1024D/F0D7313C  sub 2048g/6AA2EDDB
ar@rhwd.net         7D44 F4E3 1993 FDDF 552E  7C88 EE9C CBD1 F0D7 313C
Securing Debian:    http://joker.rhwd.de/doc/Securing-Debian-HOWTO
Reply to: