homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Visit PubCon.com
Home / Forums Index / Code, Content, and Presentation / XML Development
Forum Library, Charter, Moderators: httpwebwitch

XML Development Forum

Potentially Stupid Security Question

 11:04 am on Jun 26, 2007 (gmt 0)

Just getting into the swing of producing dynamic RSS content and sitemaps.

this means the files have open permissions to read write etc. I'm wondering if this presents security flawas, ie will someone be able to write into these files from another server?



 11:12 am on Jun 26, 2007 (gmt 0)

If you're using a form to enter the information, you can always password protect the form. Also, you can place the xml file in your _private folder or on a secure server, though I am not sure what call-up problems a secure server that may present. I know the _private file works. Either way, isn't any type of file subject to hacking?


[edited by: Marshall at 11:13 am (utc) on June 26, 2007]


 11:57 am on Jun 26, 2007 (gmt 0)

There are a number of ways to deal with this. You can make it so that your active server system (PHP, Perl, C++, ASP, etc.) is the only process with write perms.

However, the way I generally choose to do this kind of thing is to have the "landing page" (sitemap.xml, etc.) a fixed PHP page that routes dynamic content from a secure source, such as a directory outside the HTTP tree or a database table.


 8:24 am on Jun 28, 2007 (gmt 0)

so essentially my sitemap or rss can be sitemap.php or feed.php? I read something about changing headers if you do this?

I'm just a bit cautious about CHMOD 777 I don't fully understand the extent of the permissions, ie - can someone write to 777 files or directories from running the necessary scripts on a different server to mine?


 10:24 am on Jun 28, 2007 (gmt 0)

You can make it sitemap.xml, if you modify your .htaccess to repurpose it into a PHP file.

It would look someting like this:

.../wrapper_directory/public_html/sitemap.xml <- Actually PHP
.../wrapper_directory/outside_directory/current_sitemap_data.xml <- Read by sitemap.xml and returned to the robot


 12:06 pm on Jun 28, 2007 (gmt 0)

ahhh I see.

excellent I'll do some research in that direction


Global Options:
 top home search open messages active posts  

Home / Forums Index / Code, Content, and Presentation / XML Development
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved