
Re: Suggestions? A small webserver for file upload



2014/09/28 0:06 "Ron Leach" <ronleach@tesco.net>:
>
> On 27/09/2014 15:35, Miles Fidelman wrote:
>>
>> Joel Rees wrote:
>>>
>>> On Wed, Sep 24, 2014 at 10:53 PM, Ron Leach <ronleach@tesco.net> wrote:
>>>>
>>>> List, good afternoon,
>>>>
>>>> What package would list members suggest for a small webserver that would
>>>> enable co-workers to upload files to us?
>>>>
>>> Oh. Well, look at webdav. This is something regularly done with webdav.
>>>
>>
>> That's precisely what WebDAV is for - and it has the advantage that
>> client support is pretty widely available (built into Windows, MacOS,
>> readily available for linux).
>>
>> Server support is a bit harder to find. There's an apache module. But
>> it might be easier to simply set up a subversion server - it comes
>> with a built-in WebDAV server:
>> apt-get install subversion
>> plus some configuration.
>>
>
> I don't know anything about WebDAV - I had seen reference to it in the context of shared diaries/appointments, I think, such as corporates use with their MS Outlook/Exchange systems.  Both this suggestion of subversion, and another poster's suggestion of using a wiki, are new to me for this application, and I'll check them both out.
>

CGI, webdav, and subversion are underpinning technologies at different levels that are often used in wikis, blogging engines, and other sharing/authoring systems. You can use them directly or just use the larger, more functionally complete packages.

Considering that bash is one of the interpreters used by CGIs, the posts you may have noticed about the recent vulnerabilities are something you should read for reference.  All interpreters have weak spots, and these packages all use interpreters.

> Several folk offered various webservers and, though I am sure those will work, apache and lighttpd being two well-known ones, when I looked around for CGI (or perl, apparently) scripts there were plenty of 'free' examples but I've nowhere near enough experience to take scripts off the web (and check that they are secure) for a file upload of work-related files.  I didn't find any 'CGI for dummies' sort of sites, either.  I'm hoping that subversion or a wiki may solve my need.
>

At least, set up a private network, either not connected, or carefully firewalled, to practice on, whether you try for a low-level solution or higher level solution. Keep that separate practice network after you go live, or you will be hating life sometimes.

> And thanks, of course, to everyone who - very strongly, for good reasons - recommended ftp and SSH but my co-workers really are locked down to email, http, and https, and their IT systems are configured to bar installing of arbitrary software.  (Apart from that, while they are perfectly competent in their work subjects, they are not in the least technical or geeky.)
>

Management needs to be apprised of the different kinds of impact that the different solutions have, and I would strongly suggest that they consider that solving these problems in stages is safer than suddenly deploying, say, Wordpress. You'll end up installing client software anyway, so they may prefer to bite the bullet now, harden the network, and start installing graphical ssh clients.

Not allowing an ssh client to be installed on workstations is a clear indication that the network has not really been hardened.

Joel Rees

Computer memory is just fancy paper,
CPUs just fancy pens.
All is a stream of text
flowing from the past into the future.

