
Re: Bug 314808, /srv and webapps.



On Tue, Jun 28, 2005 at 11:58:10AM +0100, Neil McGovern wrote:
> > PHP includes usually sit in the www accessible directory. This might be
> > confusing.
> They shouldn't, it's a security risk to have these things publicly
> accessible. Things which don't HAVE to be in the doc root, shouldn't be.
> See http://lists.debian.org/debian-security/2005/04/msg00103.html

See http://lists.debian.org/debian-security/2005/04/msg00104.html
And http://lists.debian.org/debian-security/2005/04/msg00111.html

I don't think it is such a big issue either. 

It will require some magic/work to make Wordpress upstream code look
in the right place if I have to move includes/ to another directory.

> > > /usr/share/foo/scripts <- other helper scripts that don't belong in /usr/bin
> > Do you have an example? I keep "dodgy" scripts in
> > /usr/share/doc/foo/example
> /usr/share/foo/scripts shouldn't be used for 'dodgy' scripts. You're
> right to place them in /usr/share/doc/foo/example
> However, something that performs maintenance (for example) could live in
> /usr/share/foo/scripts

Ok, that's sensible. Though upstream should do that already. Getting
people to look in scripts/ will quickly catch on mind.

> > > /usr/share/foo/data <- other non web data, like xml or text files
> > A data store off /usr/share/foo/ ? Sounds strange. 
> Yup, but that's because we're used to using /usr/share/foo/.
> We're trying to split up /usr/share/foo/ into sub directories to make
> everything more sane.

Understood. It's that I am a little worried about getting at least the
package package to conform esp. regarding includes.

I do not object necessarily either to /www. I just wish permissions or
something could be used instead.

> > And should the Debian package maintain it directly?
> I'm not really sure what you mean here.

Data stores should be ideally maintained in the mysql-server. Else setup
by the Web application IMO. Not by Debian scripts.

> For info, the (normally) latest release of the WebApps policy can be
> found at http://people.debian.org/~neilm/webapps-policy/

This doesn't seem up to date with that cvs 4.3 stuff in a recent mailing list
post:
http://lists.debian.org/debian-webapps/2005/06/msg00065.html


