LILDBI-WEB-protection-stage3

De Wiki REDDES

Tabla de contenidos

Linux and Windows

1.1 create `uploads` folder below bases/lildbi/

1.2 copy all content from 'htdocs/lildbi/docsonline/?' folders to 'bases/lildbi/uploads/.'

Ex. under linux: cp -R htdocs/lildbi/docsonline/? bases/lildbi/uploads/.

If you prefer a little more security in this procedure, you can copy first and then delete.

Delete only the directories with one character name in the folder htdocs/lildbi/docsonline/ . Like this:

rm -rf htdocs/lildbi/docsonline/?/

1.3 make sure the folder created in step 1 and all the subdirectories have writing permission for webserver users

Linux

Versão 1.7a

Fixed version - Tested under Internet Explorer and Firefox

2.1 package full download (update 08/13/2010):

 Media:Lildbi-linux-secure-upload.tar.gz 


That package is to be applied for those who already use the full version


 Media:Ie-cgi-bin.tar.gz‎ 

Version 1.7

tested under Internet Explorer and Firefox

Download the package of item 2.1 and then follow the same procedures to decompress the file below.

2.2 Download the packagelildbi-web-linux-1.7.tar.gz

 Media:Lildbi-web-linux-1.7.tar.gz 
   cgi-bin/lildbi/scripts/lildbiw.xic

Version 1.6

tested under Internet Explorer and Firefox

Download the package of item 2.1 and then follow the same procedures to decompress the file below.

2.3 Download the package lildbi-web-linux-1.6.tar.gz

 Media:Lildbi-web-linux-1.6.tar.gz
 cgi-bin/lildbi/scripts/lildbiw.xic

Windows

=== Versão 1.7a ===
Tested under Internet explorer y Firefox

3.1 Download of package

 Media:Lildbi-win-secure-upload.zip

Versão 1.7

Download the package of item 2.1 and then follow the same procedures to decompress the file below.

3.2 Download of package lildbi-web-win-1.7.zip

 Media:Lildbi-web-win-1.7.zip 
 cgi-bin/lildbi/scripts/lildbiw.xic


Versão 1.6

Download the package of item 2.1 and then follow the same procedures to decompress the file below.

3.3 Download lildbi-web-win-1.6.zip package

 Media:Lildbi-web-win-1.6.zip  
 cgi-bin/lildbi/scripts/lildbiw.xic


Linux e Windows

4. decompress the lildbi_linux_secure_upload.tar.gz package in the LILDBI-Web root folder

Ex.: cd /home/<raiz-do-lildbi>/

    tar xvzpf lildbi_linux_secure_upload.tar.gz

This step will replace/create the following files:

     cgi-bin/lildbi/p/Importacao.htm
     cgi-bin/lildbi/p/EdDescricao.htm
     cgi-bin/lildbi/i/Importacao.htm
     cgi-bin/lildbi/i/EdDescricao.htm
     cgi-bin/lildbi/upload/upload.xis
     cgi-bin/lildbi/upload/messages.xis
     cgi-bin/lildbi/e/Importacao.htm
     cgi-bin/lildbi/e/EdDescricao.htm
     htdocs/lildbi/lw-upload/upload.js
     htdocs/lildbi/lw-upload/mkdir.php
     htdocs/lildbi/lw-upload/config.php
     htdocs/lildbi/lw-upload/upload.css
     htdocs/lildbi/lw-upload/functions.php
     htdocs/lildbi/lw-upload/upload-file-form.php
     htdocs/lildbi/lw-upload/index.php
     htdocs/lildbi/lw-upload/texts.php
     htdocs/lildbi/lw-upload/upload-file-control.php
     htdocs/lildbi/lw-upload/upload-iso.php
     htdocs/lildbi/docsonline/pft/formInit.pft
     htdocs/lildbi/docsonline/pft/newFormInit.pft
     htdocs/lildbi/docsonline/pft/outputInit.pft
     htdocs/lildbi/docsonline/pft/subdir.pft
     htdocs/lildbi/docsonline/pft/newInputFile.pft
     htdocs/lildbi/docsonline/get.php

WARNING: After decompressing the package, please verify changed/new files permissions as well as files' group and owner settings.

4.1 from versions 1.7 and 1.6:

           Descompress the version file
           Copy the file lildbiw.xic to the directory /<raiz-do-lildbi>/cgi-bin/lildbi/scripts/


5. Recommendation and practical(linux) examples about permission

Keep the recommendations for the Windows operating system


     /DOCUMENTROOT
     Owner--> different than webserver user
     find htdocs/lildbi/. -type d | xargs chmod 775
     find htdocs/lildbi/. -type f | xargs chmod 664
     chmod -R 000 htdocs/lildbi/?/admin


     /CGI-BIN
     owner --> Webserver user
     find cgi-bin/lildbi/. -type d | xargs chmod 775
     find cgi-bin/lildbi/. -type f | xargs chmod 664
     chmod 775 cgi-bin/wxis1660.exe


     /BASES
     if owner is the webserver user
     find bases/lildbi/. -type d | xargs chmod 755
     find bases/lildbi/. -type f | xargs chmod 644
     if owner is not the webserver user and the webserver user belongs to the group
     find bases/lildbi/. -type d | xargs chmod 775
     find bases/lildbi/. -type f | xargs chmod 664
     if the webserver user is not the owner nor the group
     find bases/lildbi/. -type d | xargs chmod 775
     find bases/lildbi/. -type f | xargs chmod 664
     find bases/lildbi/comum/docsonline/. -type f | xargs chmod 766
     find bases/lildbi/config/. -type f | xargs chmod 766
     find bases/lildbi/dbcertif/lilacs/. -type f | xargs chmod 766
     find bases/lildbi/dbnotcertif/lilacs/. -type f | xargs chmod 766
     find bases/lildbi/user/. -type f | xargs chmod 766
     find bases/lildbi/uploads/. -type d | xargs chmod 777
     find bases/lildbi/uploads/. -type f | xargs chmod 766
     chmod -R 777 bases/lildbi/dbcertif/lilacs
     chmod -R 777 bases/lildbi/dbnotcertif/lilacs
Herramientas personales