Re: webb app import directory

To: debian-webapps@lists.debian.org
Cc: glaskoncILLa <glaskoncilla@electronicflux.com>
Subject: Re: webb app import directory
From: Paul Wise <pabs@debian.org>
Date: Mon, 28 Jun 2010 09:59:30 +0800
Message-id: <AANLkTikwPDA6rcgMmbz2AwG0kPrYcpQ1T3omNpGZ6FJX@mail.gmail.com>
In-reply-to: <4C279BEB.5020301@electronicflux.com>
References: <AANLkTilNytWzCuKPD3k6AzWUqJpuNB11qy5AHcqDk6LL@mail.gmail.com> <AANLkTikGwVNywRtFvK9C2IowceJ8_SFCBJsGh4pggX2x@mail.gmail.com> <AANLkTinTW-lUgk8CstX7_AyYu2TGVPdsvb9uinxm9f1_@mail.gmail.com> <AANLkTil3SbzqjT_8riaZj7LKkdWT9D-5581tNeBAjenp@mail.gmail.com> <AANLkTimmmfMTaL8zpSehbxG5tyN60JHLC-y9JBpQI0ez@mail.gmail.com> <AANLkTilJyOduLGjcTcsBjeMET852WoZHf6K3GMHMavDr@mail.gmail.com> <AANLkTim6V2mefjQhLjzEgOQsZ-Tg_L-mUlHN9OLa0x2k@mail.gmail.com> <4C279BEB.5020301@electronicflux.com>

[CCing you since I'm not sure you're subscribed, sorry if you are]

The permissions and location of an upload directory will vary from
server to server, setup to setup and URL to URL. Please leave that up
to the server administrator and make it as secure as possible by
default. The main thing that you should ensure is that the web server
configuration for the URL of the upload directory does not open the
server up to arbitrary code execution attacks (via uploaded
PHP/CGI/etc files) or cross-site scripting attacks (via uploaded
HTML/XML/SVG documents). The usual way to do this is to provide a
setup script for the app or use the one provided by whatever framework
the app is using.

-- 
bye,
pabs

http://wiki.debian.org/PaulWise

Reply to:

References:
- webb app import directory
  - From: glaskoncILLa <glaskoncilla@electronicflux.com>

Prev by Date: Re: webb app import directory
Next by Date: Basic webapp packaging questions
Previous by thread: Re: webb app import directory
Next by thread: Basic webapp packaging questions
Index(es):
- Date
- Thread