Changeset 606


Timestamp:
Jan 1, 2005, 10:13:24 PM (17 years ago)
Author:
Dominic Hargreaves
Message:

Improve wiki.conf security.

Location:
trunk
Files:
3 edited

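--- a/trunk/Changes
+++ b/trunk/Changes
@@ -2,4 +2,5 @@
         Extended config changes to examples/reindex.pl (thanks jimbo).
         Now require CGI::Wiki 0.62 to fix bug with deleting versions.
+        Try to ensure that a .htaccess file protecting wiki.conf is installed.
 
 0.46    21 December 2004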
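--- a/trunk/INSTALL
+++ b/trunk/INSTALL
@@ -215,4 +215,17 @@
 custom-templates/ and are described in the file CUSTOMISATION. The id and
 class tags used for the CSS in OpenGuides are specified in README.CSS.
+
+* Security
+
+The installer will try to create (or modify an existing) a .htaccess file
+to protect wiki.conf, which contains sensitive data (ie passwords).
+However we cannot tell whether apache (or any other web server you may be
+using) is using this file, so you should check that it functioning and that
+you cannot access wiki.conf over HTTP.
+
+You should also configure wiki.conf with the minimum permissions required
+so that local users cannot read the file. This is difficult to automate,
+but the file should be probably be mode 0640, owned by root or an admin
+user, and set to the group the web server runs with.
 
 * Web server configuration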
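--- a/trunk/lib/OpenGuides/Build.pm
+++ b/trunk/lib/OpenGuides/Build.pm
@@ -89,4 +89,35 @@
     }
 
+    if ( $FAKE ) {
+        print "Trying to ensure that wiki.conf is protected.\n";
+    } else {
+        my $mentionswikidotconf = 0;
+        print "Trying to ensure that wiki.conf is protected by .htaccess.. ";
+        if (-f "$install_directory/.htaccess") {
+            if (open HTACCESS, "$install_directory/.htaccess") {
+                while (<HTACCESS>) {
+                    if (/wiki\.conf/) {
+                        $mentionswikidotconf = 1;
+                    }
+                }
+                close HTACCESS;
+            } else {
+                warn "Could not open $install_directory/.htaccess for reading: $!";
+            }
+        }
+        if ($mentionswikidotconf == 0) {
+            if (open HTACCESS, ">>$install_directory/.htaccess") {
+                print HTACCESS "# Added by OpenGuides installer\n";
+                print HTACCESS "<Files wiki.conf>\ndeny from all\n</Files>";
+                close HTACCESS;
+                print "apparent success. You should check that this is working!\n";
+            } else {
+                warn "Could not open $install_directory/.htaccess for writing: $!";
+            }
+        } else {
+            print ".htaccess appears to already mention wiki.conf.\n";
+        }
+    }
+
     foreach my $script ( @extra_scripts ) {
         if ( $FAKE ) {
@@ -114,7 +145,11 @@
         }
     }
-    unless (-d $custom_template_path) {
-        print "Creating directory $custom_template_path.\n";
-        mkdir $custom_template_path or warn "Could not make $custom_template_path";
+    if ( $FAKE ) {
+        print "Making $custom_template_path.\n";
+    } else {
+        unless (-d $custom_template_path) {
+            print "Creating directory $custom_template_path.\n";
+            mkdir $custom_template_path or warn "Could not make $custom_template_path";
+        }
     }
 }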
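Review bot: The scan at new lines 98–102 accepts any line containing `wiki.conf` as proof of protection, so a comment or an unrelated rule in an existing .htaccess suppresses the `<Files wiki.conf>` block and the installer reports the file as already covered; matching the directive itself, e.g. `if (/^\s*<Files\s+"?wiki\.conf"?\s*>/i)`, would narrow that. In the append branch (new lines 109–113) the results of `print` and `close` are not checked before "apparent success" is printed, and the block is written with no leading or trailing newline, so it can fuse with an unterminated last line of an existing file. Both `open` calls also use the two-argument form with a bareword handle, where the read at line 97 takes its mode from the interpolated path. I would rewrite the append as below. Separately, `deny from all` is the Apache 2.2-era syntax and needs `Require all denied` on servers without mod_access_compat, so the INSTALL advice to test access over HTTP remains necessary; the enclosing sub starts outside this section.

```perl
# … unchanged: $FAKE branch and the scan of an existing .htaccess …
        if ($mentionswikidotconf == 0) {
            my $htaccess_file = "$install_directory/.htaccess";
            if (open my $htaccess, '>>', $htaccess_file) {
                # Leading newline keeps the block off an unterminated last line.
                my $written = print {$htaccess}
                    "\n# Added by OpenGuides installer\n",
                    "<Files wiki.conf>\ndeny from all\n</Files>\n";
                # Buffered write errors only surface at close, so check both.
                if ($written and close $htaccess) {
                    print "apparent success. You should check that this is working!\n";
                } else {
                    warn "Could not write $htaccess_file: $!";
                }
            } else {
                warn "Could not open $htaccess_file for writing: $!";
            }
        } else {
            # … unchanged: "already mention wiki.conf" message …
```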