Page 1 of 1

Security concerns

Posted: Sun Jun 25, 2006 6:44 am
by Chosen1
Hello,

I recently found s9y and in all honesty I am impressed with what I see so far. However in installing and testing it I am really concerned about the layout and usage of the permissions of the directory structure.

In order to make things work one must have world write on their DOCROOT. Thats dangerious at best is it not?

I can see doing the install, setting a theme and re CHMODing it back (755 most likley) but this is the long way around is it not? I haven't actually dug into much of the code as of yet, its just cursory glance but I was curious of the developers thoughts on this.

The platform has definate promise and I would be interedsted in more information about working with the developers, is this more or less of an open project??

Kind Regards,

Patrick
SysAdmin BOFH

Re: Security concerns

Posted: Mon Jun 26, 2006 12:28 pm
by garvinhicking
Hi!

As explained in the installation, the world-write on DOCROOT is only required to install s9y, because in that dir the ".htacecss" and "serendipity_config_local.inc.php" need to be created, as well as some directories. After installation you can reset those permissions easily. Just make sure the creates files+dirs are still writable to PHP.
The platform has definate promise and I would be interedsted in more information about working with the developers, is this more or less of an open project??
That would be awesome, we are constantly looking for motivated people who'd like to lend a help. No matter what, doing plugins, core, themes, forum support or documentation. We are very open to contribution.

This forum here is rather active; we keep our Sourcecode on SVN of www.berlios.de, and our plugins on SourceForge.Net CVS. If you want to contribute code, we usually want to have a few patches by you and then give out CVS/SVN write access, if you like.

If you have any more questions or so, please go ahead and post them :)

Best regards and have fun,
Garvin