about after install ???
|
austin
Joined: 2005-05-23
Posts: 3 |
Posted: Mon, 2005-05-23 07:55
|
|
Yes, the Gallery2 is really friendly and easly to install. I didn't spend over 10mins to finish it, but i happen one question is about, when i finish the install process. Then i was logout, and try to entry the /gallery/install.. Wao...it is still working again :o and can let me to change my setup. anyway, is there any process i didn't to remind it or it is one security bug? Now, i only to changed the /gallery/instal in the IIS dircetory security. So, is it a bug? thx again Austin |
|
Posts: 32509
Security? Certainly not. Remember how you had to authenticate? You had to create a file in install/login.txt, noone else but an authorized person can do that.
You could still access it because you are already authorized (and as long as you keep the installer cookie in your browser, you stay authorized).
And running the installer again doesn't destroy your G2 (unless you overwrite your G2 with a new version and then run the installer instead of the upgrader).
Bottom line: you can keep install/ on the server, it's no security risk.
Posts: 3
Cool, i can understand now.
Because, someone try to entry the /install, he still can't create the login.txt in my server directory, and can't go next step!
But how can i to keep this login.txt security?
Because if i try to do mywebsite/install/login.txt
the explorer can show the login.txt characters..
is it still save???
Posts: 32509
Yes, it's still safe because even if people can view login.txt, they can't change it. And they'd have to change it to get authorized.
Plus, there's a 1 to 16^32 (=2^128= 3.40282367 × 10^38) chance that the auth code generated is the same as the one in login.txt which is quite neglectable.
Posts: 3
cool, thanks for you reply as soon as possible.
But, i still to open ISS directory security for /install. :P
Still say thank you !!
Blessing!