[Typo3-debian] Multihosting using the debian package
Michael Stucki
mundaun at gmx.ch
Tue Jun 17 16:16:36 CEST 2003
Hi Steffen,
> the debian installer requires to be used as root. this will have
> consequences in providing it to "customers":
No, that's wrong! You _can_ actually run the script without root privileges.
The script will simply skip the permission changes and add a note on the
screen.
You *could* run the script as a user and then change all files to 666 and
dirs to 777. But that's really not the way to go, since this makes it
possible for _any_ user on this server to change your site...
> a security issue here is, that every customer would/should be able to
> (un)comment the die() function in install/index.php
> but this will affect _every_ site of the server.
I think the easiest way to handle this would be to control the access to the
/install subdirectory through Apaches VirtualHost configuration:
<Location /<path-to-site>/typo3/install>
Order deny, allow
Deny from all
</Location>
Cheers - michael
More information about the TYPO3-debian
mailing list