[Rack] Blog moved over

Andy Isaacson adi at hexapodia.org
Mon Dec 12 09:50:37 UTC 2011


On Sun, Dec 11, 2011 at 10:19:57PM -0800, Rubin Abdi wrote:
> Rubin Abdi wrote, On 2011-12-09 17:47:
> > Andy: Any more security magic you want to do? The site should work fine
> > through either a CNAME or A record through that IP address. Let me know
> > when you're ready to do so so I can flip some switches on my end.
> 
> Andy: Ping? Do you want to OCD over security or be done and just push
> the CNAME over?

Are you running the PHP scripts as a separate user?  (doesn't look like
it, but I'm not sure.)

Does the PHP user have write access to any script paths?  (I think they
do, but it depends on the answer to the above.)

Do the PHP scripts come from a .deb or a repo of some kind, or are they
installed via "download and untar"?  If the latter, do we have any way
of knowing that we need updates when they get security fixes?
(I suspect the answer is "we got owned by this the last time, may as
well do it the same way again.")

I guess that's OCD kinda like making sure, before you drive the car, it
has seatbelts and a working brake pedal.

Thanks,
-andy



More information about the Rack mailing list