Windows host installing php fusion

it should work.

photogallery works just fine on windows, no worries.

so

it doesnt matter that on the windows host you cant set any permissions...

it doesnt make it less secure than on a linux host???

just want to make sure since dont want to be at risk.

cheers

The info they provide sounds solid to me.

It does make it less secure than a linux host. Having full rights for all files requires an intensive focus on security. You will have to make sure you don't use unofficial components (infusions, mods etc) because they could give you headaches.

How so? Knowing the fact that all your files are writable - even the sensitive ones, like config.php - if you would be using an infusion created by a bad guy, that could easily change your config.php or the maincore.php in a manner that all users and passwords are sent to an email address.

Of course, this is only a hypothetical situation. I can't say there are infusions like this but I also cannot say there aren't, simply because I don't know them all. What I can certainly say about this whole thing is the fact that there are plenty of bad guys out there.

It might look like paranoia, but if all your files are writable (aka CHMOD 777) the risk exists. Sorry for bringing the not so good news.

Good thinking there.

Maybe you should ask them to put config.php into readonly :)

Then again, paranoia goes for all hosts, any infusion by a badguy can send all emails to any address or delete the entire database.

No expert on chmod here, but isn't 644 writable for owner of file?

I'm going to stop thinking about this before i get too paranoid :)

That's true for a Linux host, not for Windows. Check this out.

A user connects to the server through FTP and uploads a whole bunch of files. These files will be the PHPFusion site.
Important: The FTP user is the owner of the uploaded files.
Second: Files uploaded through the portal and all the PHP scripts will be executed by another user - the web server's user - usually apache.
Conclusion: CHMODded to 644, config.php can't be altered by a web script.

A user connects to the server, uploads the files through FTP and all the rights are set to full rights for everyone "so you can edit anything on your account". (what a lame excuse...) :(
Fact: The FTP user is the owner of the files.
Second fact: In that "full rights to everyone" configuration, all the scripts can alter files on the server unless the admin does something about it.
Conclusion: If the files are not manually set to read-only, their CHMOD equivalent is 777, which is BAD because the web server's user can also change files on the server.

Let the paranoia begin. :P

ah, right!

So conclusion is that he should ask host to either put read only via ntfs or IIS if that's the case.

but does that then mean that the directories/files that are meant to be writeable wont be?

such as those for the gallery etc???

And if a infusion needs to be added each time then the host will have to configure it?

would feel better if it something that i got control over..

Hi

just wondered if anyone had an answer to my previous post...

not using the host until i know it going to be safe....

Then again what ways is there to check that it is going to be safe?

Is there some testing that i could do?