homepage Welcome to WebmasterWorld Guest from 54.166.66.204
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Visit PubCon.com
Home / Forums Index / Code, Content, and Presentation / XML Development
Forum Library, Charter, Moderators: httpwebwitch

XML Development Forum

    
Potentially Stupid Security Question
el_roboto




msg:3379042
 11:04 am on Jun 26, 2007 (gmt 0)

Just getting into the swing of producing dynamic RSS content and sitemaps.

this means the files have open permissions to read write etc. I'm wondering if this presents security flawas, ie will someone be able to write into these files from another server?

 

Marshall




msg:3379047
 11:12 am on Jun 26, 2007 (gmt 0)

If you're using a form to enter the information, you can always password protect the form. Also, you can place the xml file in your _private folder or on a secure server, though I am not sure what call-up problems a secure server that may present. I know the _private file works. Either way, isn't any type of file subject to hacking?

Marshall

[edited by: Marshall at 11:13 am (utc) on June 26, 2007]

cmarshall




msg:3379066
 11:57 am on Jun 26, 2007 (gmt 0)

There are a number of ways to deal with this. You can make it so that your active server system (PHP, Perl, C++, ASP, etc.) is the only process with write perms.

However, the way I generally choose to do this kind of thing is to have the "landing page" (sitemap.xml, etc.) a fixed PHP page that routes dynamic content from a secure source, such as a directory outside the HTTP tree or a database table.

el_roboto




msg:3380959
 8:24 am on Jun 28, 2007 (gmt 0)

so essentially my sitemap or rss can be sitemap.php or feed.php? I read something about changing headers if you do this?

I'm just a bit cautious about CHMOD 777 I don't fully understand the extent of the permissions, ie - can someone write to 777 files or directories from running the necessary scripts on a different server to mine?

cmarshall




msg:3381016
 10:24 am on Jun 28, 2007 (gmt 0)

You can make it sitemap.xml, if you modify your .htaccess to repurpose it into a PHP file.

It would look someting like this:

.../wrapper_directory/public_html/sitemap.xml <- Actually PHP
.../wrapper_directory/outside_directory/current_sitemap_data.xml <- Read by sitemap.xml and returned to the robot

el_roboto




msg:3381083
 12:06 pm on Jun 28, 2007 (gmt 0)

ahhh I see.

excellent I'll do some research in that direction

thanks

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / XML Development
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved