Symbolic Links amongst Apache's served files, is this a security-don't?
I read somewhere that you should make sure Apache is configured to not allow symbolic links to be followed outside the webroot, as this can compromise security.
I can imagine how this could lead to a security risk:
e.g.:
Quote:
I link to a folder I know is safe (has no other links inside of it)
So, because there are no links sitting in /home/me/web_stuff/ I think, "there's no chance the public might end up wandering any further outside the web root than they already have...". The bottom line is really that this is simply bad practice, because over time I may naturally forget that this web_stuff directory is exposed and in turn end up placing symbolic links inside /home/me/web_stuff/
Is my assumption correct? -- Is it nothing more than: "it's just bad practice, because it leaves you open to make such above ^ mistakes"? Or is it more technically complicated and truly a direct security threat?
Are all symbolic links bad news inside of Apache served spaces? E.g. what about symbolic links linking to another directory within the web root?
I like symbolic links -- this would be a pain to have to avoid!
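An audit for the situation described above, as an added example that is not part of the original post: it walks a document root, descends through directory symlinks the way a server set to follow them would, and reports every link whose resolved target lies outside the root. The function names and the directory tree built in `demo()` are constructed for illustration, and POSIX symlinks are assumed.

```python
import os
import tempfile

def find_escaping_symlinks(docroot):
    """Return (link_path, real_target) for each symlink reachable from
    docroot whose resolved target lies outside docroot."""
    root = os.path.realpath(docroot)
    findings, seen, stack = [], set(), [root]
    while stack:
        current = stack.pop()
        real_current = os.path.realpath(current)
        if real_current in seen:        # guard against symlink loops
            continue
        seen.add(real_current)
        try:
            entries = list(os.scandir(current))
        except OSError:                 # unreadable directory: skip it
            continue
        for entry in entries:
            if entry.is_symlink():
                target = os.path.realpath(entry.path)
                if os.path.commonpath([root, target]) != root:
                    findings.append((entry.path, target))
            # Descend through links too, as a server that follows them would.
            if entry.is_dir(follow_symlinks=True):
                stack.append(entry.path)
    return sorted(findings)

def demo():
    """Build a constructed tree mirroring the post's scenario and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = os.path.realpath(tmp)
        web = os.path.join(tmp, "webroot")
        stuff = os.path.join(tmp, "home", "me", "web_stuff")
        private = os.path.join(tmp, "home", "me", "private")
        for d in (os.path.join(web, "assets"), stuff, private):
            os.makedirs(d)
        os.symlink(os.path.join(web, "assets"), os.path.join(web, "inside"))
        os.symlink(stuff, os.path.join(web, "stuff"))      # the "safe" link
        os.symlink(private, os.path.join(stuff, "later"))  # added later on
        return [(os.path.relpath(l, tmp), os.path.relpath(t, tmp))
                for l, t in find_escaping_symlinks(web)]

if __name__ == "__main__":
    for link, target in demo():
        print(f"{link} -> {target}")
```

The link that stays inside the web root (`inside`) is not reported; both the link into `web_stuff` and the one later placed inside it are.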