[darcs-users] Re: darcs and source forge equivalent
Patrick McFarland
pmcfarland at downeast.net
Thu Jul 14 21:51:41 UTC 2005
On Thursday 14 July 2005 08:55 am, Eric S. Johansson wrote:
> the challenge here is with integrity of the archive. now maybe this is
> different with the Web space but the last time I used source for for
> this (IPCop wiki), we had major problems with unauthorized people
> deleting our site. Source for is not protected from vandalism is far as
> I know.
Don't confuse the issue here. Your wiki got 'hacked' via insecure permissions
on the webserver. To write to files via scripts executed by sf.net's apache*
they have to be (basically) world writable, and anyone with shell access on
sf.net can 'hack' you. You fix this by not using wikis (et al.) that write to
files, and instead switch to ones that write to SQL.
However, none of this effects darcs at all, you're not writing via the
webserver, you're writing to a darcs archive via darcs over ssh.
* sf.net's apache doesn't use suid, because it causes apache literally hours
to startup. Its an apache bug.
--
Patrick "Diablo-D3" McFarland || pmcfarland at downeast.net
"Computer games don't affect kids; I mean if Pac-Man affected us as kids, we'd
all be running around in darkened rooms, munching magic pills and listening to
repetitive electronic music." -- Kristian Wilson, Nintendo, Inc, 1989
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.osuosl.org/pipermail/darcs-users/attachments/20050714/57a3a3b7/attachment-0001.pgp
More information about the darcs-users
mailing list