On Wed, Jun 06, 2001 at 03:34:10PM +0200, Joachim Werner wrote:
> > if Data.fs is owned by nobody.nogroup, Apache is installed on the same machine, and the user can run his own cgi-scripts (most ISPs I suppose), then by default the user's CGI scripts will run as nobody too, allowing him to read Data.fs during his own CGI execution, and copy it wherever he wants during this time.
>
> This is indeed the only really frightening scenario. Finally a reason to not use "nobody" but a dedicated Zope user to run a Zope instance ;-)
>
> > Solutions:
> > * make Data.fs and Data.fs.old only readable by a user every other user on the system can't run commands as.
>
> yep
>
> > * But the best to do is:
> > Encrypt all passwords in the ZODB.
>
> And then I copy the Data.fs to a new Zope, create a superuser and walk in ... Or did I miss something?

Yes: you miss that after having "walked" into your own copy of a stolen Data.fs, you know all the passwords which will allow you to deface the original site, putting there your own index_html saying "nice" things about you on the frontpage...

> First of all, I don't think the password issue really IS an issue. I mean, as soon as I have read access to an Apache's data directory, I also can copy it. You just should not be able to come that far ...

Yes, you can copy it, but not modify it, see above. However this is just a matter of "the good way to do it", and "the good way to do it" regarding password storing is to store them in an encrypted form.

bye,
Jerome Alet
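
Added example (not part of the original message, and not Zope's own code): a small Python audit for the first solution discussed above, reporting when Data.fs or Data.fs.old is owned by a shared account or readable beyond its owner. The SHARED_ACCOUNTS list and the var/ paths are assumptions to adjust per host.

```python
import os
import stat

try:
    import pwd  # Unix only
except ImportError:
    pwd = None

# Assumption: accounts commonly shared with web server / CGI processes.
SHARED_ACCOUNTS = {"nobody", "www-data", "apache", "httpd"}


def check_storage(mode, owner, shared=SHARED_ACCOUNTS):
    """Return findings for a file with this st_mode and owner name."""
    findings = []
    if owner in shared:
        findings.append(f"owned by shared account '{owner}'")
    if mode & stat.S_IRGRP:
        findings.append("group-readable")
    if mode & stat.S_IROTH:
        findings.append("world-readable")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by group or others")
    return findings


def owner_name(uid):
    """Resolve a uid to a name, falling back to the number if unknown."""
    try:
        return pwd.getpwuid(uid).pw_name if pwd else str(uid)
    except KeyError:
        return str(uid)


def audit(paths):
    """Map each existing path to its findings; missing files are skipped."""
    report = {}
    for path in paths:
        try:
            st = os.stat(path)
        except FileNotFoundError:
            continue  # e.g. Data.fs.old may not exist yet
        report[path] = check_storage(st.st_mode, owner_name(st.st_uid))
    return report


if __name__ == "__main__":
    # Constructed paths: point these at the Zope instance's var directory.
    for path, findings in audit(["var/Data.fs", "var/Data.fs.old"]).items():
        print(path, "OK" if not findings else "; ".join(findings))
```

An empty findings list means the file is readable only by its owner and that owner is not one of the listed shared accounts.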