You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Forrest Aldrich <fo...@forrie.com> on 2004/08/20 23:57:56 UTC
[users@httpd] Apache PUT Configuration and Security...
One of our internal requirements is to upload custom web content, and
WYSIWYG thereof.
Mozilla Composer uploads edited contend useing ftp or HTTP PUT (perhaps
HTTP POST?). We can implement the server side of this using PHP, but
can't confirm. Using FTP has the problem of integration with our
authentication/access mechanism, which uses an encrypted ticket in an
HTTP cookie. Thus, I'm thinking we'll need HTTP PUT support to make
this feature possible.
I wonder if we can configure PUT with Apache, and how to do this
securely. and limit the acceptable URLs (ie: /some/path/pages/*/*) and
ensure that no scripts or binaries are ever executed from there. Is
there a mod_put or something that will handle the file writing, or will
I need to write a CGI to do accomplish this?
Thanks.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Apache PUT Configuration and Security...
Posted by Nick Kew <ni...@webthing.com>.
On Fri, 20 Aug 2004, Forrest Aldrich wrote:
> I wonder if we can configure PUT with Apache,
I expect the manual pages fro mod_dav will tell you.
> and how to do this
> securely.
Insufficient information. Security is relative.
> and limit the
acceptable URLs (ie: /some/path/pages/*/*) and
See above.
> ensure that no scripts or binaries are ever executed from there. Is
Simple application of Options and AllowOverride.
> there a mod_put or something that will handle the file writing, or will
> I need to write a CGI to do accomplish this?
Your choice.
--
Nick Kew
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org