12 |
<a href="upgrade.html">Upgrade from v1.x</a> |
<a href="upgrade.html">Upgrade from v1.x</a> |
13 |
<li><a href="new_directory_layout.html">New Directory Layout</a> and how that increase security |
<li><a href="new_directory_layout.html">New Directory Layout</a> and how that increase security |
14 |
<li><a href="performance.html">Performance tips</a> |
<li><a href="performance.html">Performance tips</a> |
15 |
|
<li><a href="trustee.html">Trustee</a> documentation (ACL) |
16 |
</ol> |
</ol> |
17 |
|
|
18 |
<h2>Errors</h2> |
<h2>Errors</h2> |
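Review bot: the context item at line 13, directly above the new Trustee entry, still reads "and how that increase security". Since this change is already correcting wording in this file, change it to "and how that increases security" in the same commit. The new entry at line 15 follows the unclosed <li> style of its neighbours, which is consistent with the rest of the list.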
112 |
using <a href="#path_realm">script path</a> as realm identifier. |
using <a href="#path_realm">script path</a> as realm identifier. |
113 |
|
|
114 |
<a name="security"> |
<a name="security"> |
115 |
<h2>Overview of security fetures</h2> |
<h2>Overview of security features</h2> |
116 |
|
|
117 |
<ul> |
<ul> |
118 |
<li>authorisation using login and password |
<li>authorization using login and password |
119 |
<li>works without <A href="#register_globals">register_globals</a> in PHP. |
<li>works without <A href="#register_globals">register_globals</a> in PHP. |
120 |
<li>all directory names taken from URL will be checked for parent directory |
<li>all directory names taken from URL will be checked for parent directory |
121 |
strings (<tt>..</tt>) |
strings (<tt>..</tt>) |
122 |
<li>all upload filenames are check for directory specification (if they |
<li>all upload filenames are check for directory specification (if they |
123 |
contain slash (<tt>/</tt>) upload will be aborted) |
contain slash (<tt>/</tt>) upload will be aborted) |
124 |
<li>all filenames taken from URL will be checked for parent directory (<tt>..</tt>) or slashes (<tt>/</tt>) |
<li>all filenames taken from URL will be checked for parent directory (<tt>..</tt>) or slashes (<tt>/</tt>) |
125 |
<li>all files are serverd from repository directory (which is not visible by web server) by <tt>docman.php</tt> script which enforces permission checking |
<li>all files are served from repository directory (which is not visible by web server) by <tt>docman.php</tt> script which enforces permission checking |
126 |
|
<li><a href="trustee.html">trustees</a> can be used to provide fine-graded |
127 |
|
security permissions on files and directories |
128 |
</ul> |
</ul> |
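Review bot: the trustees item added at lines 126-127 says "fine-graded security permissions", which should be "fine-grained". The typo at line 122, "all upload filenames are check for", is left unfixed while "fetures" and "serverd" are corrected, so change it to "are checked for" here as well. At line 118 the respelled item still calls login and password "authorization"; that is authentication, and the permission checking by docman.php and the trustees are the authorization features, so consider rewording it as "authentication using login and password". The <a name="security"> at line 114 is never closed in the visible lines, so add the closing tag after the heading.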