[ This is a test blog, with posts about the development of b2, and comments ]


Ian, I've been checking ShaoQi's and yours. Both b2s suffered from the usual sign of unChModness of the template file.
To elaborate a bit on the permissions, most webservers actually run as "nobody". So checking for perm 770 might never work unless the webserver is set to run as the logged-in user of the server or a user in a usergroup of this server. Both solutions are likely to provoke security holes and indiscreet peeking, which is why they're run as "nobody". Someone comment if I'm wrong, please.
Therefore, you've got to check the permission for 'owner' and 'group', but also 'others', which means checking that each is set to 6 (read+write) or more (7, aka read+write+execute). And checking for >= 666 wouldn't help either. After all, 700 is more than 666 but makes a file accessible only to its owner...
michel v @ 02:59:22 457
4 comments, no trackback, no pingback
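
The check described in the post, as an added example (not b2's own code, which is PHP). It contrasts the ">= 666" comparison with a per-class test and goes one step further by applying the Unix rule that a process is judged by exactly one class; the uid/gid values and the function names are constructed for the illustration.

```python
import stat

RW = 0o6  # read (4) + write (2)

def class_bits(mode):
    """Split a mode into its owner, group and others permission digits."""
    m = stat.S_IMODE(mode)
    return {"owner": (m >> 6) & 7, "group": (m >> 3) & 7, "others": m & 7}

def naive_check(mode):
    """The flawed test from the post: compare the whole mode against 666."""
    return stat.S_IMODE(mode) >= 0o666

def all_classes_rw(mode):
    """The post's fix: every class must have both read and write set."""
    return all(bits & RW == RW for bits in class_bits(mode).values())

def applicable_class(file_uid, file_gid, proc_uid, proc_gids):
    """Unix picks exactly one class per process: owner, else group, else others."""
    if proc_uid == file_uid:
        return "owner"
    if file_gid in proc_gids:
        return "group"
    return "others"

def server_can_edit(mode, file_uid, file_gid, proc_uid, proc_gids):
    """True if the process's class has read+write (root's override is ignored)."""
    cls = applicable_class(file_uid, file_gid, proc_uid, proc_gids)
    return class_bits(mode)[cls] & RW == RW

# Constructed scenario: template owned by uid/gid 1000, webserver running
# as "nobody" (assumed here to be uid/gid 65534).
OWNER_UID, OWNER_GID, NOBODY_UID, NOBODY_GIDS = 1000, 1000, 65534, {65534}

def report():
    """Rows of (mode, naive >= 666, all classes rw, nobody can edit)."""
    return [(oct(mode)[2:], naive_check(mode), all_classes_rw(mode),
             server_can_edit(mode, OWNER_UID, OWNER_GID, NOBODY_UID, NOBODY_GIDS))
            for mode in (0o700, 0o770, 0o660, 0o666, 0o777)]

if __name__ == "__main__":
    for name, naive, strict, server in report():
        print(f"{name}: >=666 {naive} | all classes rw {strict} | nobody can edit {server}")
```

Modes 700 and 770 pass the numeric comparison yet leave the "nobody" process without read or write access, which is the failure the post describes.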


:: comments


ian - email - url
hey, why didn't i think about that? i've been doing all kinds of strange things like chmoding my index.php and templates.php. and no, security holes are not likely. they are only definite to happen if stuff is chmoded to 777, which happens to be world-writable (i think), and CGI scripts of any language would thus be able to take advantage. because, of course, the last digit refers to world privileges -- and on a UNIX system a user STILL requires a password, so 770 should be pretty safe.
18.10.01 @ 11:13:10 800


ian - email - url
oh yeah, and 776 is also like 777, just that there's no execute permission.
18.10.01 @ 11:15:48 802

