[darcs-users] Re: darcs and source forge equivalent

Patrick McFarland pmcfarland at downeast.net
Thu Jul 14 21:51:41 UTC 2005


On Thursday 14 July 2005 08:55 am, Eric S. Johansson wrote:
> the challenge here is with integrity of the archive.  now maybe this is
> different with the Web space but the last time I used source for for
> this (IPCop wiki), we had major problems with unauthorized people
> deleting our site.  Source for is not protected from vandalism is far as
> I know.

Don't confuse the issue here. Your wiki got 'hacked' via insecure permissions 
on the webserver. To write to files via scripts executed by sf.net's apache* 
they have to be (basically) world writable, and anyone with shell access on 
sf.net can 'hack' you. You fix this by not using wikis (et al.) that write to 
files, and instead switch to ones that write to SQL.

However, none of this effects darcs at all, you're not writing via the 
webserver, you're writing to a darcs archive via darcs over ssh.


* sf.net's apache doesn't use suid, because it causes apache literally hours 
to startup. Its an apache bug.

-- 
Patrick "Diablo-D3" McFarland || pmcfarland at downeast.net
"Computer games don't affect kids; I mean if Pac-Man affected us as kids, we'd 
all be running around in darkened rooms, munching magic pills and listening to
repetitive electronic music." -- Kristian Wilson, Nintendo, Inc, 1989
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.osuosl.org/pipermail/darcs-users/attachments/20050714/57a3a3b7/attachment-0001.pgp 


More information about the darcs-users mailing list