I've looked at a bunch of CMSs (content management systems) lately. There are some good ones, and I like the directions they're going.
Nadmin Studio has the most incredible admin front end for Midgard that you would believe. It's at: http://cmsdemo.hklc.com; just type in demo for each of the blocks and leave everything else the same. WOW, GOOD STUFF!

As far as I know, Midgard has to be installed as an Apache mod. This gives it the power to run PHP scripts written by end users who are part of a site, YET be subject to permissions by the Midgard package, kind of like a CGI wrapper around the file system AND the database contents as well. A lot of ISPs don't want to mess with their current installed Apache server, and who can blame them? I'm not sure if Midgard can be a shared object or not.

Anyway, stuff like PHPNuke, and maybe PostNuke, just install in the html/doc root, make everything basically 777 (or close to that), and get protection from inadvertent serving of xxx.inc files which have passwords in them with '.htaccess' files containing 'deny all'. It works, BUT ......

------------------------------------------

FINALLY, my question.

If some newbie sysadmin at a shared ISP accidentally turned off the PHP engine AND turned off the user being able to use .htaccess files, all the files in the html/doc root could be served, unprocessed, right? BIG SECURITY problem, huh?

I have heard that it's better to put everything OUT of the doc root to avoid this, or at least, anything with passwords and important parameters.

Is there any circumstance where Apache could serve outside of the doc root?

--
-----------------------------------------------------------------
Joy is just a thing (to be).. raised on,
Love is just the way to Live and Die,
John Denver.
-----------------------------------------------------------------
He lost a friend, but kept his Memory (also John Denver),
Thank you...John Corones...my friend always.
-----------------------------------------------------------------
Look lovingly upon the present,
for it holds the only things that are forever true.
-----------------------------------------------------------------
Sincerely, Dennis Gearon (Kegley)
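
A defender-side check for the setup the post describes, added here as an example and not part of the original message: it walks a document root and flags .php/.inc files with password-like assignments that would be sent as source if both the PHP engine and .htaccess processing were off, plus world-writable files. The regex heuristics, function names and issue labels are assumptions of this sketch.

```python
import os
import re
import stat

# Heuristics and issue labels are assumptions of this sketch, not from the post.
SCRIPT_EXTS = {".php", ".inc"}
SECRET_RE = re.compile(r"pass(word|wd)?\w*['\"\]\s]*=>?\s*['\"]", re.I)
DENY_RE = re.compile(r"^\s*(deny\s+from\s+all|require\s+all\s+denied)", re.I | re.M)


def htaccess_denies(directory, docroot):
    """True if a .htaccess in directory or a parent (up to docroot) denies access."""
    docroot = os.path.abspath(docroot)
    current = os.path.abspath(directory)
    while True:
        path = os.path.join(current, ".htaccess")
        if os.path.isfile(path):
            with open(path, errors="replace") as fh:
                if DENY_RE.search(fh.read()):
                    return True
        if current == docroot or os.path.dirname(current) == current:
            return False
        current = os.path.dirname(current)


def audit_docroot(docroot):
    """List (relative path, issues) for files at risk if PHP and .htaccess are both off."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        guarded = htaccess_denies(dirpath, docroot)
        for name in sorted(files):
            full = os.path.join(dirpath, name)
            if not os.path.isfile(full):  # skip broken symlinks
                continue
            issues = []
            if os.path.splitext(name)[1].lower() in SCRIPT_EXTS:
                with open(full, errors="replace") as fh:
                    if SECRET_RE.search(fh.read()):
                        # The only barrier is .htaccess (or nothing at all).
                        issues.append("htaccess-only" if guarded else "unprotected-secret")
            if os.stat(full).st_mode & stat.S_IWOTH:
                issues.append("world-writable")
            if issues:
                findings.append((os.path.relpath(full, docroot), issues))
    return sorted(findings)
```

Anything reported as "htaccess-only" or "unprotected-secret" is a candidate for moving out of the document root, as the post suggests.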