Koozali.org: home of the SME Server

CMS

Offline andy_wismer

« Reply #45 on: March 12, 2007, 12:56:39 PM »
Hi

Sorry, I meant "at the same time".

I also host domains in ibays, of course they work...

But I can't, say, install phpsysinfo in an iBay and make that appear under

www.domain1.com/phpsysinfo/
www.domain2.com/phpsysinfo/

That's what I meant by "dedicatedly configurated" an iBay.
An iBay can only be associated with one domain at a time.

If you REALLY need this, it's back to templates tuning...

Regards
Andy

Offline lucho115

« Reply #46 on: March 20, 2007, 08:49:52 PM »
I really can't understand why it is not safe to install web apps into ibays. I read all the posts and the mailing list listed in this topic but I still do not understand the security problem. If anybody can explain it to me in detail, I will be thankful.
tks

Offline bpivk

« Reply #47 on: March 20, 2007, 09:31:25 PM »
OK, I'll write in plain English. And could you please post in one topic, because you already opened another one with the same question.

People can access ibays and edit data there because it's on the internet. Well, they aren't able to write data if you have a secure web app, but every app that is installed in an ibay can be modified because it's on the internet (we're talking in theory here).
If you install an app in /opt you make a "shortcut" in SME (template) so that people can access this app, but it's in fact separated from the part of the system that can be accessed.

Edit: On another reading. I complicated things a little bit but it's hard to explain.  :)

And you didn't read enough posts if you still can't tell the difference, because Charlie or Gordon had a long post a while back that explained why you should install apps in opt.

I'm not sure but I think that it was also mentioned somewhere in the wiki.
"It should just work" if it doesn't report it. Thanks!

Offline lucho115

« Reply #48 on: March 21, 2007, 03:23:45 PM »
bpivk
Quote
OK, I'll write in plain English. And could you please post in one topic, because you already opened another one with the same question.

OK, I have not opened any topic with the same question; in fact I asked a similar question related to Joomla in a topic about it, and nobody answered, only you:
Every <put your script here> script will work from an ibay. But the preferred way of installing it would be into /opt (security reasons). Does this answer your question?
No, this answer is not good; it only says security reasons, so please tell me which they are.

So I took my time to look for posts, the wiki and other sites that answer my question, and the only thing that I found was this in the wiki:

Use chown www /path/to/dir
and preferably put your app in /opt/app not in an ibay


And in the forums, this topic, and for that reason I posted a question in this topic, hoping that somebody could help me, but you appear again:

Quote
People can access ibays and edit data there because it's on the internet. Well, they aren't able to write data if you have a secure web app, but every app that is installed in an ibay can be modified because it's on the internet (we're talking in theory here).
If you install an app in /opt you make a "shortcut" in SME (template) so that people can access this app, but it's in fact separated from the part of the system that can be accessed.

Edit: On another reading. I complicated things a little bit but it's hard to explain.  :)

And you didn't read enough posts if you still can't tell the difference, because Charlie or Gordon had a long post a while back that explained why you should install apps in opt.

I'm not sure but I think that it was also mentioned somewhere in the wiki.


OK, this is a better answer but still not sufficient, and I am not lazy or stupid like you say in another post; I am only looking for a technical explanation of why I have to use /opt instead of /home/e-smith/files/ibays/ibayname. What is the difference? Is /opt chrooted, or what?
Thanks to everybody who answers, and no to insulting other people.

Offline jjcuk

« Reply #49 on: March 21, 2007, 05:49:22 PM »
Hi lucho115

I think bpivk is trying to explain it as best he can, but
try reading this thread by Abe Loveless.
I found it while asking myself the same questions
and found this to be one of the clearer explanations

http://forums.contribs.org/index.php?topic=22307.0

hope it helps

Jim C
Regards
Jim C

Offline bpivk

« Reply #50 on: March 21, 2007, 06:12:04 PM »
Quote
I think bpivk is trying to explain it as best he can

Yes, and I'm starting to lose my patience with people that crosspost and don't understand plain English.  :x
"It should just work" if it doesn't report it. Thanks!

Offline lucho115

« Reply #51 on: March 21, 2007, 07:23:09 PM »
jjcuk

Thanks, but I had read it in the past.
I don't know what to do with my sites in ibays; they never brought me problems and nobody can explain the difference between putting a web app into /opt or into an ibay (technically).

bpivk

You lose your patience? OK, so don't answer any more posts that you don't know the answer to, and you will be happy. I don't want to continue talking about you or me, I only want a technical (in detail) response to my doubt.
thks

Offline bpivk

« Reply #52 on: March 21, 2007, 07:38:42 PM »
Quote
You lose your patience? OK, so don't answer any more posts that you don't know the answer to,

As I have said. You have your responses in the forum, we have given you a lot of links and I have written you a detailed explanation on this topic.

Now I'm starting to think that you're:
1.) really bad at English and you don't understand what we're trying to tell you or
2.) you just don't want to think and understand what we're trying to tell you
"It should just work" if it doesn't report it. Thanks!

Offline cjensen

« Reply #53 on: April 24, 2007, 11:33:35 PM »
Quote from: "lucho115"

can explain the difference between putting a web app into /opt or into an ibay (technically).


Security.  If you don't know about the possible security problems with php then read about it.  On SME it has been mentioned many times (esp in recent years) that placing web apps in /opt is much more secure than in an already accessible ibay.  The reason... mostly because many php apps are themselves insecure + many authors/advisors/webadmins tell you to put them on your server and then chmod this or that to 777.  That is VERY insecure.  If you don't understand that then read about permissions and running a server.  If you still don't understand...

Read this page which Charlie Brady posts now and then:

http://www.eyrie.org/~eagle/faqs/questions.html

Craig

Offline lucho115

« Reply #54 on: April 25, 2007, 01:37:33 PM »
Quote
Security. If you don't know about the possible security problems with php then read about it. On SME it has been mentioned many times (esp in recent years) that placing web apps in /opt is much more secure than in an already accessible ibay. The reason... mostly because many php apps are themselves insecure + many authors/advisors/webadmins tell you to put them on your server and then chmod this or that to 777. That is VERY insecure. If you don't understand that then read about permissions and running a server. If you still don't understand...

Read this page which Charlie Brady posts now and then:

http://www.eyrie.org/~eagle/faqs/questions.html


OK, maybe because I am not an English speaker I cannot express correctly what my doubt was. I want to try to express myself better. Once again I repeat, I want somebody to tell me technically the reasons that make insecure PHP code more insecure if it is in an ibay than if it is in /opt (I am not talking about file or directory permissions, that is for beginners; I have been an IT professional for 9 years working with servers). At first I thought that the /opt directory was chrooted, but it is not, so I only want to know what security is implemented in /opt that is not in any other common directory.
Thanks, and sorry about my English.
bye

Offline cjensen

« Reply #55 on: April 25, 2007, 03:47:55 PM »
Quote

tell me technically the reasons that make insecure PHP code more insecure if it is in an ibay than if it is in /opt (I am not talking about file or directory permissions, that is for beginners; I have been an IT professional for 9 years working with servers).


Depending on your permissions when you set up the ibay, you have content accessible to either lan or web, so possibly everyone.  If you then install a php app and are careless about its setup (or the php scripts themselves) you create possible exploit invitations.  Some php apps save insecure session data (IDs, passwords, etc).  Some save database passwords (and some even root mysql passwords... heaven forbid).  Some link configuration files/directories and then suggest them to be chmoded to read-write EVERYONE.  Maybe you already know that.  But the combination of having an ibay with access to the world and then installing an insecure app (whether php or otherwise) is BAD/INSECURE.

Craig
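
The conditions listed in the reply above (directories set to 777, files made read-write for everyone, stored database passwords) can be checked for directly in whatever directory holds the web app, whether an ibay or /opt/app. The script below is an added example, not part of the thread or of SME Server; its function names, the sample tree and the file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a web app directory for the permission problems
# described in the thread. Sample paths and file contents are constructed.

# Files and directories under $1 that every local account can write to.
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print | sort
}

# World-readable files under $1 that look like they store a password.
list_exposed_secrets() {
    find "$1" -type f -perm -0004 -exec grep -lEi 'passw(or)?d[^=]*=' {} + | sort
}

# Drop the "other" write bit everywhere under $1 (the undo for chmod 777/666).
remove_world_write() {
    find "$1" \( -type f -o -type d \) -perm -0002 -exec chmod o-w {} +
}

# Print findings; succeed only when the tree is clean.
audit_webroot() {
    ww=$(list_world_writable "$1")
    secrets=$(list_exposed_secrets "$1")
    if [ -n "$ww" ]; then printf 'world-writable:\n%s\n' "$ww"; fi
    if [ -n "$secrets" ]; then printf 'world-readable with a password:\n%s\n' "$secrets"; fi
    [ -z "$ww" ] && [ -z "$secrets" ]
}

# Build a constructed sample app tree and print its path.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/app/cache" "$root/app/includes"
    printf '<?php $db_password = "example-only"; ?>\n' > "$root/app/config.php"
    printf '<?php echo "hello"; ?>\n' > "$root/app/index.php"
    chmod 755 "$root" "$root/app" "$root/app/includes"
    chmod 644 "$root/app/index.php"
    chmod 777 "$root/app/cache"        # what many install guides ask for
    chmod 666 "$root/app/config.php"   # read-write for everyone
    printf '%s\n' "$root/app"
}

# With a path argument audit that tree, otherwise audit the constructed sample.
if [ "$#" -gt 0 ]; then
    audit_webroot "$1"
else
    sample=$(make_sample_tree) && { audit_webroot "$sample"; rm -rf "${sample%/app}"; }
fi
```

Removing the world-write bit clears only the first finding: the file holding the password is still readable by every local account until its owner and mode are restricted, which is what the chown www advice quoted from the wiki earlier in the thread is for.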

Offline Rien

« Reply #56 on: April 26, 2007, 12:55:06 AM »
Hi Craig,

I understand what you say.  I now have all my apps (secure and insecure) in ibays.

I want to move them to /opt.

I understand that I have to use aliases in httpd but I don't know how to do that.

Can I use dungog-proxypass for that purpose? So far I understand it can 'convert' URLs to other URLs and URLs to virtual domains.
Rien
(The Netherlands)......