|
| |
|
|
Gil
Posts: 7533
From: North Carolina, USA
Status: offline
 |
RE: Server setup - File paths (unix/linux) - 5/30/2003 11:29:35
Katherine,
It' s hard to say ' for sure' without looking, but normaly the WWW directory is just mapped to the home or public_html directory - this goes back to when everyone thought it was kool to have a www. in as the 3rd level domain. That allows www.domain.com and domain.com to resolve to the same directory. I think you may need to do a little testing to see what paths you' ll need.
As to the SSL cert. - Yes, it will affect things. Anything that you need to be on a page that is secured will need to be in the secure directory (usualy something like home/secure)
I' ve never seen that particular directory structure - What OS is this? Is it Apache?
_____________________________
Gil Harvey, 1947-2004
|
|
|
|
abbeyvet
Posts: 5095
From: Kilkenny Ireland
Status: offline
|
RE: Server setup - File paths (unix/linux) - 5/30/2003 11:53:39
Thanks Gil,
Yes, its Apache on Linux - I have never seen a setup like it before either. When I first took a look I was appaled at the MESS!! There were 40 auto installed scripts - all out of date versions and some of them so out of date they were 1997 versions! - cluttering up the place. Took me quite a bit of time just junking them!
The /home directory itself is full of directories with what are obviosly the names of other sites - I can see all their names. Plus loads of different user directories. I opened one, another site which also belongs to my client while logged in as a user of his first site. I could not see anything there.
However while logged in as a user to one site, say with username " usera" , I was able to open the directory of " userb" on the same site browse to the www directory and upload, download and delete files to my hearts content.
I am really confused with this.
On the SSL, this means that instead of being able to just access a page using http:// or https:// as a matter of choice, following the SSL cert installation, I will need everything in a secure folder? Even the script, in a seperate secure cgi-bin? Who would set up the secure folder?
That would be an awful nuisance.
It is a domain specific cert from Geotrust.
_____________________________
Katherine
:: InKK Design :: InKK Domains
| |
|
|
|
Gil
Posts: 7533
From: North Carolina, USA
Status: offline
|
RE: Server setup - File paths (unix/linux) - 5/30/2003 12:20:40
quote:
However while logged in as a user to one site, say with username " usera" , I was able to open the directory of " userb" on the same site browse to the www directory and upload, download and delete files to my hearts content.
Whoa!!!!! That' s a time bomb waiting to go off!
Any chance of talking the client into moving to one of your servers?
quote:
On the SSL, this means that instead of being able to just access a page using http:// or https:// as a matter of choice, following the SSL cert installation, I will need everything in a secure folder? Even the script, in a seperate secure cgi-bin? Who would set up the secure folder?
That would be an awful nuisance.
It is a domain specific cert from Geotrust.
The cert should be issued to a domain. Mine is issued to secure.thehstfactory.net - If it is issued to the 2d level domain IE: domain.com you could access any directory by using the https protocol - BUT, I' ve never seen that - not sure what the ramifications might be. Remeber that anything using https is going to go thru a 128 bit encryption and be slow - you normaly only use https for things (forms) that need it and run everything else out side the encryption.
_____________________________
Gil Harvey, 1947-2004
| |
|
|
|
abbeyvet
Posts: 5095
From: Kilkenny Ireland
Status: offline
|
RE: Server setup - File paths (unix/linux) - 5/30/2003 12:31:50
quote:
That' s a time bomb waiting to go off!
Yeah, I am not too thrilled about it myself, I have dropped a line to my client. Don' t think I will be able to move him though, more is the pity.
I understand about SSL on locations like secure.thehstfactory.net. But we are having a Cert issued and installed specifically for myclientssite.com, rather than using the shared one, which is available.
I do not intend to have general use of https when browsing etc, but to give the option to users that certain transactions, such as support and the like, are conducted over a secure connection.
Thus I don' t want to have to install everything twice, which would be a pain, but to have the same stuff available either way.
_____________________________
Katherine
:: InKK Design :: InKK Domains
| |
|
|
|
Gil
Posts: 7533
From: North Carolina, USA
Status: offline
|
RE: Server setup - File paths (unix/linux) - 5/30/2003 13:40:38
quote:
I do not intend to have general use of https when browsing etc, but to give the option to users that certain transactions, such as support and the like, are conducted over a secure connection.
I see no reason that won' t work - just have never seen it before.
I didn' t mean to imply the cert at secure.thehostfactory was a ' shared' SSL - it' s not. Example of what I have always seen. IBM has a SSL directory - it' s secure.ibm.com The IBM.com is not SSL. Everything that needs security is in the secure directory or a sub directory under that.
_____________________________
Gil Harvey, 1947-2004
| |
|
|
|
Gil
Posts: 7533
From: North Carolina, USA
Status: offline
|
RE: Server setup - File paths (unix/linux) - 5/30/2003 15:24:45
quote:
But we are having a Cert issued and installed specifically for myclientssite.com, rather than using the shared one, which is available
With the directory configuration of that server, that' s like locking a screen door [:j]
< Message edited by Gil -- 5/30/2003 3:25 PM >
_____________________________
Gil Harvey, 1947-2004
| |
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts
|
|
|
Printable Version 
! I would definitely write a release of liability (on this issue) into the contract.
