live code seems to gratuitously unlock write permission for directories
Alex Tweedly
alex at tweedly.net
Sun Dec 4 18:24:36 EST 2016
Thanks Stephen - this isn't one of my Dreamhost sites, it's still on
on-rev.
I am 99% sure the downloads directory was readable at one time - but
I've decided to keep the extra security of explicitly deciding which
URLs to to give out, and to whom - rather than a more permissive (even
if filtered and parameterized) script. That would probably be a
different decision if I had a larger number of files - but it's
basically only a dozen or so files, referenced from 4 or 5 pages, plus a
few mentioned in individual emails.
Thanks everyone for the help ...
-- Alex.
On 04/12/2016 03:26, Stephen Barncard wrote:
> This has been standard practice for shared hosting at Dreamhost for years.
> I made an index.irev file that looked at the contents of the directory and
> displayed a list, subject to filtering. Parameters set with simple txt
> file. Very easy.
>
> sqb
>
> --
> Stephen Barncard - Sebastopol Ca. USA -
> mixstream.org
>
> On Sat, Dec 3, 2016 at 3:10 PM, Mike Bonner <bonnmike at gmail.com> wrote:
>
>> Most likely directory browsing is turned off. You could change the
>> setting, or you could put in an irev that gets "the files" and builds a
>> link list dynamically, minus itself of course.
>>
>> On Sat, Dec 3, 2016 at 3:54 PM, Alex Tweedly <alex at tweedly.net> wrote:
>>
>>> You're right - and I confess I don't know why the downloads folder is
>>> inaccessible. Permission is set to 755, and there's no .htaccess file or
>>> anything else I know of to prevent it.
>>>
>>> Anyway - if you wanted the taskrunner files, they are :
>>> - taskrunner.rev
>>> - taskClientLib.rev
>>> - test-task-runner.rev
>>> - verybusy.rev
>>> - IndexFiles.rev
>>> - CheckURL.rev
>>>
>>> and each one can be downloaded individually, for example
>>>
>>> http://tweedly.org/downloads/taskrunner.rev
>>>
>>>
>>> I guess I'll just have to find a silver lining ..... this must be a
>>> security measure to keep files hidden unless I reveal the actual URLs.
>> And
>>> I will very shortly change the taskRunner page to make the file entry
>> line
>>> into links that are clickable.
>>>
>>> (and btw, although I do still use taskRunner regularly, I haven't rebuilt
>>> the executables since probably LC 5.0 - so approach with some caution :-)
>>>
>>> -- Alex.
>>>
>>>
>>> On 03/12/2016 20:54, Alejandro Tejada wrote:
>>>
>>>> Hi Alex,
>>>>
>>>> Downloads folder in your server is not accessible.
>>>>
>>>> It's not possible to download this stack either:
>>>> http://tweedly.org/showpage.lc?page=taskRunner
>>>>
>>>> Al
>>>>
>>>> _______________________________________________
>>>> use-livecode mailing list
>>>> use-livecode at lists.runrev.com
>>>> Please visit this url to subscribe, unsubscribe and manage your
>>>> subscription preferences:
>>>> http://lists.runrev.com/mailman/listinfo/use-livecode
>>>>
>>>
>>> _______________________________________________
>>> use-livecode mailing list
>>> use-livecode at lists.runrev.com
>>> Please visit this url to subscribe, unsubscribe and manage your
>>> subscription preferences:
>>> http://lists.runrev.com/mailman/listinfo/use-livecode
>>>
>> _______________________________________________
>> use-livecode mailing list
>> use-livecode at lists.runrev.com
>> Please visit this url to subscribe, unsubscribe and manage your
>> subscription preferences:
>> http://lists.runrev.com/mailman/listinfo/use-livecode
>>
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
More information about the use-livecode
mailing list