28 |
)</small> |
)</small> |
29 |
</ol> |
</ol> |
30 |
|
|
31 |
|
<a name="register_globals"> |
32 |
<h2>Register Globals and PHP</h2> |
<h2>Register Globals and PHP</h2> |
33 |
|
|
34 |
<p>Starting with version 2.0 docman doesn't need |
<p>Starting with version 2.0 docman doesn't need |
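Review bot: the `<a name="register_globals">` anchor added at new line 31 is not closed before the `<h2>` that follows, so the heading and the paragraph after it end up inside the anchor element. Close it immediately (`<a name="register_globals"></a>`) or wrap only the heading text, so that the `#register_globals` link target is a well-formed element.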
109 |
<tt>repository/.info.inc</tt> file. However, you can also use |
<tt>repository/.info.inc</tt> file. However, you can also use |
110 |
<tt>realm/http_host/script_path/info.inc</tt> file is you are |
<tt>realm/http_host/script_path/info.inc</tt> file is you are |
111 |
using <a href="#path_realm">script path</a> as realm identifier. |
using <a href="#path_realm">script path</a> as realm identifier. |
112 |
|
|
113 |
|
<a name="security"> |
114 |
|
<h2>Overview of security fetures</h2> |
115 |
|
|
116 |
|
<ul> |
117 |
|
<li>authorisation using login and password |
118 |
|
<li>works without <A href="#register_globals">register_globals</a> in PHP. |
119 |
|
<li>all directory names taken from URL will be checked for parent directory |
120 |
|
strings (<tt>..</tt>) |
121 |
|
<li>all upload filenames are check for directory specification (if they |
122 |
|
contain slash (<tt>/</tt>) upload will be aborted) |
123 |
|
<li>all filenames taken from URL will be checked for parent directory (<tt>..</tt>) or slashes (<tt>/</tt>) |
124 |
|
<li>all files are serverd from repository directory (which is not visible by web server) by <tt>docman.php</tt> script which enforces permission checking |
125 |
|
</ul> |
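Review bot: the upload bullet at new lines 121-122 documents only the slash (`/`) check, while the URL-filename bullet at new line 123 covers both `..` and `/`. A reader cannot tell whether uploads are also checked for `..`, so either state that they are or note the difference explicitly. Smaller points in the same hunk: `<a name="security">` at new line 113 is left unclosed in front of the `<h2>`, the link at new line 118 opens with `<A` and closes with `</a>`, and there are typos to fix before merging ("fetures" in the heading, "are check" at line 121, "serverd" at line 124).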