live code seems to gratuitously unlock write permission for directories

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

live code seems to gratuitously unlock write permission for directories

Alejandro Tejada
Hi Alex,

Downloads folder in your server is not accessible.

It's not possible to download this stack either:
http://tweedly.org/showpage.lc?page=taskRunner

Al

_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|

Re: live code seems to gratuitously unlock write permission for directories

Alex Tweedly
You're right - and I confess I don't know why the downloads folder is
inaccessible. Permission is set to 755, and there's no .htaccess file or
anything else I know of to prevent it.

Anyway - if you wanted the taskrunner files, they are :
  - taskrunner.rev
  - taskClientLib.rev
  - test-task-runner.rev
  - verybusy.rev
  - IndexFiles.rev
  - CheckURL.rev

and each one can be downloaded individually, for example

http://tweedly.org/downloads/taskrunner.rev


I guess I'll just have to find a silver lining ..... this must be a
security measure to keep files hidden unless I reveal the actual URLs.
And I will very shortly change the taskRunner page to make the file
entry line into links that are clickable.

(and btw, although I do still use taskRunner regularly, I haven't
rebuilt the executables since probably LC 5.0 - so approach with some
caution :-)

-- Alex.


On 03/12/2016 20:54, Alejandro Tejada wrote:

> Hi Alex,
>
> Downloads folder in your server is not accessible.
>
> It's not possible to download this stack either:
> http://tweedly.org/showpage.lc?page=taskRunner
>
> Al
>
> _______________________________________________
> use-livecode mailing list
> [hidden email]
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode


_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|

Re: live code seems to gratuitously unlock write permission for directories

Mike Bonner
Most likely directory browsing is turned off.  You could change the
setting, or you could put in an irev that gets "the files" and builds a
link list dynamically, minus itself of course.

On Sat, Dec 3, 2016 at 3:54 PM, Alex Tweedly <[hidden email]> wrote:

> You're right - and I confess I don't know why the downloads folder is
> inaccessible. Permission is set to 755, and there's no .htaccess file or
> anything else I know of to prevent it.
>
> Anyway - if you wanted the taskrunner files, they are :
>  - taskrunner.rev
>  - taskClientLib.rev
>  - test-task-runner.rev
>  - verybusy.rev
>  - IndexFiles.rev
>  - CheckURL.rev
>
> and each one can be downloaded individually, for example
>
> http://tweedly.org/downloads/taskrunner.rev
>
>
> I guess I'll just have to find a silver lining ..... this must be a
> security measure to keep files hidden unless I reveal the actual URLs. And
> I will very shortly change the taskRunner page to make the file entry line
> into links that are clickable.
>
> (and btw, although I do still use taskRunner regularly, I haven't rebuilt
> the executables since probably LC 5.0 - so approach with some caution :-)
>
> -- Alex.
>
>
> On 03/12/2016 20:54, Alejandro Tejada wrote:
>
>> Hi Alex,
>>
>> Downloads folder in your server is not accessible.
>>
>> It's not possible to download this stack either:
>> http://tweedly.org/showpage.lc?page=taskRunner
>>
>> Al
>>
>> _______________________________________________
>> use-livecode mailing list
>> [hidden email]
>> Please visit this url to subscribe, unsubscribe and manage your
>> subscription preferences:
>> http://lists.runrev.com/mailman/listinfo/use-livecode
>>
>
>
> _______________________________________________
> use-livecode mailing list
> [hidden email]
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
>
_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|

Re: live code seems to gratuitously unlock write permission for directories

Stephen Barncard-5
This has been standard practice for shared hosting at Dreamhost for years.
I made an index.irev file that looked at the contents of the directory and
displayed a list, subject to filtering. Parameters set with simple txt
file. Very easy.

sqb

--
Stephen Barncard - Sebastopol Ca. USA -
mixstream.org

On Sat, Dec 3, 2016 at 3:10 PM, Mike Bonner <[hidden email]> wrote:

> Most likely directory browsing is turned off.  You could change the
> setting, or you could put in an irev that gets "the files" and builds a
> link list dynamically, minus itself of course.
>
> On Sat, Dec 3, 2016 at 3:54 PM, Alex Tweedly <[hidden email]> wrote:
>
> > You're right - and I confess I don't know why the downloads folder is
> > inaccessible. Permission is set to 755, and there's no .htaccess file or
> > anything else I know of to prevent it.
> >
> > Anyway - if you wanted the taskrunner files, they are :
> >  - taskrunner.rev
> >  - taskClientLib.rev
> >  - test-task-runner.rev
> >  - verybusy.rev
> >  - IndexFiles.rev
> >  - CheckURL.rev
> >
> > and each one can be downloaded individually, for example
> >
> > http://tweedly.org/downloads/taskrunner.rev
> >
> >
> > I guess I'll just have to find a silver lining ..... this must be a
> > security measure to keep files hidden unless I reveal the actual URLs.
> And
> > I will very shortly change the taskRunner page to make the file entry
> line
> > into links that are clickable.
> >
> > (and btw, although I do still use taskRunner regularly, I haven't rebuilt
> > the executables since probably LC 5.0 - so approach with some caution :-)
> >
> > -- Alex.
> >
> >
> > On 03/12/2016 20:54, Alejandro Tejada wrote:
> >
> >> Hi Alex,
> >>
> >> Downloads folder in your server is not accessible.
> >>
> >> It's not possible to download this stack either:
> >> http://tweedly.org/showpage.lc?page=taskRunner
> >>
> >> Al
> >>
> >> _______________________________________________
> >> use-livecode mailing list
> >> [hidden email]
> >> Please visit this url to subscribe, unsubscribe and manage your
> >> subscription preferences:
> >> http://lists.runrev.com/mailman/listinfo/use-livecode
> >>
> >
> >
> > _______________________________________________
> > use-livecode mailing list
> > [hidden email]
> > Please visit this url to subscribe, unsubscribe and manage your
> > subscription preferences:
> > http://lists.runrev.com/mailman/listinfo/use-livecode
> >
> _______________________________________________
> use-livecode mailing list
> [hidden email]
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
>
_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|

Re: live code seems to gratuitously unlock write permission for directories

Alex Tweedly
Thanks Stephen - this isn't one of my Dreamhost sites, it's still on
on-rev.

I am 99% sure the downloads directory was readable at one time - but
I've decided to keep the extra security of explicitly deciding which
URLs to to give out, and to whom - rather than a more permissive (even
if filtered and parameterized) script. That would probably be a
different decision if I had a larger number of files - but it's
basically only a dozen or so files, referenced from 4 or 5 pages, plus a
few mentioned in individual emails.

Thanks everyone for the help ...

-- Alex.

On 04/12/2016 03:26, Stephen Barncard wrote:

> This has been standard practice for shared hosting at Dreamhost for years.
> I made an index.irev file that looked at the contents of the directory and
> displayed a list, subject to filtering. Parameters set with simple txt
> file. Very easy.
>
> sqb
>
> --
> Stephen Barncard - Sebastopol Ca. USA -
> mixstream.org
>
> On Sat, Dec 3, 2016 at 3:10 PM, Mike Bonner <[hidden email]> wrote:
>
>> Most likely directory browsing is turned off.  You could change the
>> setting, or you could put in an irev that gets "the files" and builds a
>> link list dynamically, minus itself of course.
>>
>> On Sat, Dec 3, 2016 at 3:54 PM, Alex Tweedly <[hidden email]> wrote:
>>
>>> You're right - and I confess I don't know why the downloads folder is
>>> inaccessible. Permission is set to 755, and there's no .htaccess file or
>>> anything else I know of to prevent it.
>>>
>>> Anyway - if you wanted the taskrunner files, they are :
>>>   - taskrunner.rev
>>>   - taskClientLib.rev
>>>   - test-task-runner.rev
>>>   - verybusy.rev
>>>   - IndexFiles.rev
>>>   - CheckURL.rev
>>>
>>> and each one can be downloaded individually, for example
>>>
>>> http://tweedly.org/downloads/taskrunner.rev
>>>
>>>
>>> I guess I'll just have to find a silver lining ..... this must be a
>>> security measure to keep files hidden unless I reveal the actual URLs.
>> And
>>> I will very shortly change the taskRunner page to make the file entry
>> line
>>> into links that are clickable.
>>>
>>> (and btw, although I do still use taskRunner regularly, I haven't rebuilt
>>> the executables since probably LC 5.0 - so approach with some caution :-)
>>>
>>> -- Alex.
>>>
>>>
>>> On 03/12/2016 20:54, Alejandro Tejada wrote:
>>>
>>>> Hi Alex,
>>>>
>>>> Downloads folder in your server is not accessible.
>>>>
>>>> It's not possible to download this stack either:
>>>> http://tweedly.org/showpage.lc?page=taskRunner
>>>>
>>>> Al
>>>>
>>>> _______________________________________________
>>>> use-livecode mailing list
>>>> [hidden email]
>>>> Please visit this url to subscribe, unsubscribe and manage your
>>>> subscription preferences:
>>>> http://lists.runrev.com/mailman/listinfo/use-livecode
>>>>
>>>
>>> _______________________________________________
>>> use-livecode mailing list
>>> [hidden email]
>>> Please visit this url to subscribe, unsubscribe and manage your
>>> subscription preferences:
>>> http://lists.runrev.com/mailman/listinfo/use-livecode
>>>
>> _______________________________________________
>> use-livecode mailing list
>> [hidden email]
>> Please visit this url to subscribe, unsubscribe and manage your
>> subscription preferences:
>> http://lists.runrev.com/mailman/listinfo/use-livecode
>>
> _______________________________________________
> use-livecode mailing list
> [hidden email]
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode


_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode