MHonArc and unfriendly users

2001-04-04 10:13:20

I am working for an ISP and we are planning to offer web 
archives for our users mailing-lists. I began to setup 
mhonarc to do this but I have a security problem. As I
would like to permit people to have their owns ressources
files, a few ressource element (ie all filenames) might
be used to access/erase other sites files (such as 
.htaccess or .htpassword). I tried to search in archives
or web sites to find an similar problem but without any
Thus, I was wondering if :
- I am dumb and a solution to the problem already exist
- I can forget allowing people to setup their own 
ressources files
- I should try to solve this problem.

To the latest case, I have two possible ideas :
- filtering the user ressource file to remove "dangerous"
ressource elements
- adding an option to mhonarc to define a "ressource
directory" (the "user root" directory), if this option
is used, then all files name should be relative to this
directory ('..' would be then forbidden)

Personnaly, I prefer the second solution but I just do 
not know if it may be usefull to other people...


<Prev in Thread] Current Thread [Next in Thread>