Welcome to WebmasterWorld Guest from 54.242.224.250

Forum Moderators: httpwebwitch

Message Too Old, No Replies

Potentially Stupid Security Question

     
11:04 am on Jun 26, 2007 (gmt 0)

Junior Member

5+ Year Member

joined:Feb 14, 2007
posts:92
votes: 0


Just getting into the swing of producing dynamic RSS content and sitemaps.

this means the files have open permissions to read write etc. I'm wondering if this presents security flawas, ie will someone be able to write into these files from another server?

11:12 am on June 26, 2007 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member 10+ Year Member

joined:Sept 4, 2001
posts:2176
votes: 15


If you're using a form to enter the information, you can always password protect the form. Also, you can place the xml file in your _private folder or on a secure server, though I am not sure what call-up problems a secure server that may present. I know the _private file works. Either way, isn't any type of file subject to hacking?

Marshall

[edited by: Marshall at 11:13 am (utc) on June 26, 2007]

11:57 am on June 26, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 21, 2005
posts: 1526
votes: 0


There are a number of ways to deal with this. You can make it so that your active server system (PHP, Perl, C++, ASP, etc.) is the only process with write perms.

However, the way I generally choose to do this kind of thing is to have the "landing page" (sitemap.xml, etc.) a fixed PHP page that routes dynamic content from a secure source, such as a directory outside the HTTP tree or a database table.

8:24 am on June 28, 2007 (gmt 0)

Junior Member

5+ Year Member

joined:Feb 14, 2007
posts:92
votes: 0


so essentially my sitemap or rss can be sitemap.php or feed.php? I read something about changing headers if you do this?

I'm just a bit cautious about CHMOD 777 I don't fully understand the extent of the permissions, ie - can someone write to 777 files or directories from running the necessary scripts on a different server to mine?

10:24 am on June 28, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 21, 2005
posts: 1526
votes: 0


You can make it sitemap.xml, if you modify your .htaccess to repurpose it into a PHP file.

It would look someting like this:

.../wrapper_directory/public_html/sitemap.xml <- Actually PHP
.../wrapper_directory/outside_directory/current_sitemap_data.xml <- Read by sitemap.xml and returned to the robot

12:06 pm on June 28, 2007 (gmt 0)

Junior Member

5+ Year Member

joined:Feb 14, 2007
posts:92
votes: 0


ahhh I see.

excellent I'll do some research in that direction

thanks

 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members