[opencms-dev] Securing the system

Hartmann, Waehrisch & Feykes GmbH hartmann at waehrisch-feykes.de
Fri Feb 6 11:11:00 CET 2004


I think you muddle up publishing with static exporting. OpenCms has its own
access management and doesn't know anything of the access management of your
HTTP-Server (you say asp so i assume IIS). If pages with limited access
would be statically exported OpenCms would loose control over these files.
In an open system anyone could request them. Therefor the pages are not
exported during the publishing process. But they still get available in your
online project where OpenCms has control over them and can check access
rights.


----- Original Message ----- 
From: "Michael Goodwin" <mgoodwin at amadeus.net>
To: <opencms-dev at opencms.org>
Sent: Friday, February 06, 2004 10:17 AM
Subject: Re: [opencms-dev] Securing the system


>
>
>
>
>
> >> I would like to prevent people from seeing files that have not been
> >> exported statically. Anyone achieved this?
> >>
> >> What seems logical to me is to remove the read permission for 'others'
> for
> >> the files. However when this is done there is an error when you publish
> the
> >> files. What rights does the publishing process operate with?
> >
> >But it does work as wanted, doesn't it? So read over the error messages.
>
> No it doesn't work. The file is unviewable unless you are logged in (the
> desired result), but it doesn't get published. The export seems to have
the
> same permissions as 'others', which is logical but in this case
> undesirable. The site itself has its own authentication in asp (used for
> statistical purposes, but also because there maybe some fairly sensitive
> information). Thanks for any help.
>
>
>
>
>
> _______________________________________________
> This mail is send to you from the opencms-dev mailing list
> To change your list options, or to unsubscribe from the list, please visit
> http://mail.opencms.org/mailman/listinfo/opencms-dev




More information about the opencms-dev mailing list