/[docman2]/doc/admin.html

This is repository of my old source code which isn't updated any more. Go to git.rot13.org for current projects!

Diff of /doc/admin.html

-revision 1.4 by dpavlin,
Sat Jul 27 22:26:32 2002 UTC
+revision 1.5 by dpavlin,
Sun Jul 28 11:40:08 2002 UTC
 Line 28 
 read that, right?</i>)
  )</small>
  </ol>
+ <a name="register_globals">
  <h2>Register Globals and PHP</h2>
  <p>Starting with version 2.0 docman doesn't need
-Line 108 
 which are local to that repository. Usua
+Line 109 
 which are local to that repository. Usua
  <tt>repository/.info.inc</tt> file. However, you can also use
  <tt>realm/http_host/script_path/info.inc</tt> file is you are
  using <a href="#path_realm">script path</a> as realm identifier.
+ <a name="security">
+ <h2>Overview of security fetures</h2>
+ <ul>
+ <li>authorisation using login and password
+ <li>works without <A href="#register_globals">register_globals</a> in PHP.
+ <li>all directory names taken from URL will be checked for parent directory
+ strings (<tt>..</tt>)
+ <li>all upload filenames are check for directory specification (if they
+ contain slash (<tt>/</tt>) upload will be aborted)
+ <li>all filenames taken from URL will be checked for parent directory (<tt>..</tt>) or slashes (<tt>/</tt>)
+ <li>all files are serverd from repository directory (which is not visible by web server) by <tt>docman.php</tt> script which enforces permission checking
+ </ul>

 Legend:



Removed from v.1.4
 


changed lines


 
Added in v.1.5
 Legend:



Removed from v.1.4
 


changed lines


 
Added in v.1.5
-Removed from v.1.4
+Added in v.1.5

	ViewVC Help
Powered by ViewVC 1.1.26