
Xeross155
Minmatar Ghosts of EMC
|
Posted - 2010.02.09 11:34:00 -
[1]
Hey folks,
I've created an API proxy script in PHP, so far I've tested it with multiple apps and it's working just fine (Both with OOE and EVEMon). It creates a folder for every user with a sha hash of their user id, and for pages that don't need authentication it will save the data in the ../cache/general folder.
All you need to make sure is that it can create the cache folder (Best is if you create it yourself) and that it has proper permissions.
You can download it here.
If you encounter any bugs or problems (Or have feature suggestions) reply to the thread.
Regards, Xeross
---------------------------------------------
Xeross' ventures into EVE
|

Ms Leonora
Eighth Army
|
Posted - 2010.02.11 16:10:00 -
[2]
Nice work. Just one thing. The index.php script tries to make the cache directory in ../cache. I changed this to be ./cache so that it would be in the same directory as the script.
|

Tonto Auri
Vhero' Multipurpose Corp
|
Posted - 2010.02.11 18:03:00 -
[3]
Originally by: Ms Leonora Nice work. Just one thing. The index.php script tries to make the cache directory in ../cache. I changed this to be ./cache so that it would be in the same directory as the script.
Which made your cache folder available for everybody who has access to your server. Perfect suicide, I'd say.
-- Thanks CCP for cu
|

Femaref
Armageddon Day
|
Posted - 2010.02.11 20:30:00 -
[4]
Originally by: Tonto Auri
Originally by: Ms Leonora Nice work. Just one thing. The index.php script tries to make the cache directory in ../cache. I changed this to be ./cache so that it would be in the same directory as the script.
Which made your cache folder available for everybody who has access to your server. Perfect suicide, I'd say.
There is something called access rights.
|

Ms Leonora
Eighth Army
|
Posted - 2010.02.11 21:04:00 -
[5]
Edited by: Ms Leonora on 11/02/2010 21:04:42
Originally by: Tonto Auri Which made your cache folder available for everybody who has access to your server. Perfect suicide, I'd say.
Incorrect. My setup gives a 403 error if you try and browse the cache folder. Suggest you do some reading before posting again.
|

Xeross155
Minmatar Fusion Death Inc. Intrepid Crossing
|
Posted - 2010.02.12 15:29:00 -
[6]
Yeh, I've put it at ../cache because of access problems. Should I just modify the .htaccess and make the cache in ./cache?
---------------------------------------------
Xeross' ventures into EVE
|

Dragonaire
Caldari Corax. New Eden Retail Federation
|
Posted - 2010.02.12 20:24:00 -
[7]
I'd leave it with the better security and let those that want to change it do so. They seem to all think they know more than the people that make Apache, etc. and what's recommended by them and every security book ever written. Since they are 'Experts' I'm sure they can handle making the changes themselves.
-- Finds camping stations from the inside much easier. Designer of Yapeal for Eve API.
|

Xeross155
Minmatar Fusion Death Inc. Intrepid Crossing
|
Posted - 2010.02.12 21:33:00 -
[8]
Originally by: Dragonaire I'd leave it with the better security and let those that want to change it do so. They seem to all think they know more than the people that make Apache, etc. and what's recommended by them and every security book ever written. Since they are 'Experts' I'm sure they can handle making the changes themselves.
If you Deny from All on the cache folder you're fine even if it's in your public_html.
---------------------------------------------
Xeross' ventures into EVE
|

Dragonaire
Caldari Corax. New Eden Retail Federation
|
Posted - 2010.02.13 09:06:00 -
[9]
Then someone else doesn't secure their web app and they get hacked and the hacker overwrites your .htaccess and maybe even part of your application because you didn't secure your stuff either and left it web writable. Or host doesn't think a security update is important enough and they get in that way. It's very simple: if it's not where they can browse it, it's at least 5 times harder for them to find and get to. I'm not going to say I've never done it myself, just that you're asking for it if you do, and sooner or later you'll end up bitten somewhere that hurts. It's been doing stuff like that that got more than one company or government agency into trouble when they end up releasing information that leads to ID theft. In almost every case they ignored best practices like this one leading up to it. There's also the speed factor with web server not having to check all those extra .htaccess files or rules in your config file.
Like I said, just as easy to make it as secure as you can and then let the 'experts' take chances with their site. Makes the support E-mail from them much easier to answer when you can point out where they changed something they shouldn't have.
-- Finds camping stations from the inside much easier. Designer of Yapeal for Eve API.
|

Catari Taga
Centre Of Attention Rough Necks
|
Posted - 2010.02.13 10:04:00 -
[10]
It is without a doubt good practice to keep everything that does not need to be exposed to the world out of the document root, there should not even be a discussion. Just make it your habit to always code as securely as you can, even if for one application it might seem unnecessary the simple fact of making it your routine might save the day on another project.
|
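The layout argued for in this thread, as an added example (not code from the proxy script or from any poster): a check that refuses a cache folder which resolves inside the document root, then creates the per-user folder named by a hash of the user id. The function names, the 0700 mode and the use of SHA-256 are assumptions, and the demo paths are constructed.

```php
<?php
// Added example, not the proxy's code. Function names, the 0700 mode and the
// use of SHA-256 for the folder name are assumptions made for illustration.

/** True when $path is $root itself or lies underneath it. */
function isInside(string $path, string $root): bool
{
    $root = rtrim($root, DIRECTORY_SEPARATOR);
    return $path === $root
        || strncmp($path, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) === 0;
}

/** Return (creating it if needed) one user's cache folder under $cacheBase. */
function userCacheDir(string $cacheBase, string $docRoot, string $userId): string
{
    // realpath() resolves "..", "." and symlinks, so the test below compares
    // the directories actually used. The cache base must already exist.
    $base = realpath($cacheBase);
    $root = realpath($docRoot);
    if ($base === false || $root === false) {
        throw new RuntimeException('cache base or document root does not exist');
    }
    if (isInside($base, $root)) {
        throw new RuntimeException("cache base $base is inside document root $root");
    }
    // A hash of the user id is a fixed-length, path-safe folder name.
    $dir = $base . DIRECTORY_SEPARATOR . hash('sha256', $userId);
    // 0700: readable only by the account the script runs as.
    if (!is_dir($dir) && !mkdir($dir, 0700)) {
        throw new RuntimeException("cannot create $dir");
    }
    return $dir;
}

// Constructed demo layout in the temp directory: public_html is the docroot.
$site = sys_get_temp_dir() . '/apiproxy-demo-' . getmypid();
mkdir("$site/public_html/cache", 0755, true);
mkdir("$site/cache", 0700);

// ../cache resolves beside the document root and is accepted.
echo userCacheDir("$site/public_html/../cache", "$site/public_html", '123456'), "\n";
// ./cache resolves inside the document root and is refused.
try {
    userCacheDir("$site/public_html/./cache", "$site/public_html", '123456');
} catch (RuntimeException $e) {
    echo 'refused: ', $e->getMessage(), "\n";
}
```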

EMC CEO
|
Posted - 2010.02.13 16:55:00 -
[11]
Okay, discussion closed on the location of the cache folder. It stays where it is; if you don't like it, modify it yourself.
Now please only report feature suggestions and bugs here.
|

Xeross155
Minmatar Fusion Death Inc. Intrepid Crossing
|
Posted - 2010.02.13 17:38:00 -
[12]
Btw, EMC CEO is my alt; I accidentally used the wrong character to post.
---------------------------------------------
Xeross' ventures into EVE
|