
Forum Moderators: httpwebwitch


Potentially Stupid Security Question

   
11:04 am on Jun 26, 2007 (gmt 0)

5+ Year Member



Just getting into the swing of producing dynamic RSS content and sitemaps.

This means the files have open permissions to read, write, etc. I'm wondering if this presents security flaws, i.e. will someone be able to write into these files from another server?

11:12 am on Jun 26, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



If you're using a form to enter the information, you can always password protect the form. Also, you can place the XML file in your _private folder or on a secure server, though I am not sure what call-up problems a secure server may present. I know the _private file works. Either way, isn't any type of file subject to hacking?

Marshall

[edited by: Marshall at 11:13 am (utc) on June 26, 2007]

11:57 am on Jun 26, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



There are a number of ways to deal with this. You can make it so that your active server system (PHP, Perl, C++, ASP, etc.) is the only process with write perms.

However, the way I generally choose to do this kind of thing is to have the "landing page" (sitemap.xml, etc.) be a fixed PHP page that routes dynamic content from a secure source, such as a directory outside the HTTP tree or a database table.

8:24 am on Jun 28, 2007 (gmt 0)

5+ Year Member



So essentially my sitemap or RSS can be sitemap.php or feed.php? I read something about changing headers if you do this?

I'm just a bit cautious about CHMOD 777. I don't fully understand the extent of the permissions, i.e. can someone write to 777 files or directories by running the necessary scripts on a different server to mine?

10:24 am on Jun 28, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



You can make it sitemap.xml, if you modify your .htaccess to repurpose it into a PHP file.

It would look something like this:

.../wrapper_directory/public_html/sitemap.xml <- Actually PHP
.../wrapper_directory/outside_directory/current_sitemap_data.xml <- Read by sitemap.xml and returned to the robot
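
An added example (not code from any poster in this thread) of the arrangement described above: a fixed PHP script that serves sitemap data kept outside the HTTP tree and sends the XML content type. The `sitemap.php` name, the rewrite rule in the comment and the world-writable check are assumptions made for illustration.

```php
<?php
// sitemap.php - added example, not code from the thread.
// Assumed layout (following the post above):
//   .../wrapper_directory/public_html/sitemap.php   <- this script
//   .../wrapper_directory/outside_directory/current_sitemap_data.xml
// Assumed .htaccess in public_html so robots can still request /sitemap.xml:
//   RewriteEngine On
//   RewriteRule ^sitemap\.xml$ sitemap.php [L]

declare(strict_types=1);

// Fixed path: nothing from the request is used to build it, so a visitor
// cannot steer the script towards another file.
const SITEMAP_DATA = __DIR__ . '/../outside_directory/current_sitemap_data.xml';

// Returns null when the data file is safe to serve, otherwise the reason.
function sitemap_problem(string $path): ?string
{
    clearstatcache(true, $path);
    if (!is_file($path) || !is_readable($path)) {
        return 'data file missing or unreadable';
    }
    // Refuse to serve a file that any local account could have modified:
    // the "other" write bit, which chmod 777 or 666 sets.
    $perms = fileperms($path);
    if ($perms === false || ($perms & 0002) !== 0) {
        return 'data file is world-writable';
    }
    return null;
}

$problem = sitemap_problem(SITEMAP_DATA);
if ($problem !== null) {
    error_log('sitemap.php: ' . $problem);
    http_response_code(503);
    header('Content-Type: text/plain; charset=utf-8');
    exit("Sitemap temporarily unavailable\n");
}

// The header change asked about above: declare the response as XML,
// because PHP would otherwise send text/html.
header('Content-Type: application/xml; charset=utf-8');
header('X-Content-Type-Options: nosniff');
header('Content-Length: ' . (string) filesize(SITEMAP_DATA));
readfile(SITEMAP_DATA);
```

The process that regenerates `current_sitemap_data.xml` needs write access to `outside_directory`; the web-facing script only needs read access, so the data file can be mode 644 or tighter.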

12:06 pm on Jun 28, 2007 (gmt 0)

5+ Year Member



Ahhh, I see.

Excellent, I'll do some research in that direction.

Thanks