Devlog :: And Wizardry

Sun, 08 Jan 2006

Subversion for Firefox Bookmarks - Security fix!

*Update:* I had a security concern with one part of the Subversion solution I described [Friday http://www.pwizardry.com/devlog/blosxom.cgi/2006/01/06#svn_for_bookmarks]. I put my whole Firefox Profile under my htdocs/ directory. It was down two directory levels, and both of them have a blank index.html file in them. This means no one can list the contents, and they would have to guess the two directory names and include the name of one of the files there to have it served. I gave the example "http://pwizarcry.com/x/y/bookmarks.html" on Friday, but it wasn't really in x/y/. I was practicing /security by obscurity/ by not disclosing the real path.

*So, what's the problem?*

The problem is with the other things in a Firefox Profile other than bookmarks. For example: somewhere in there are cached passwords and other form data that Firefox will conveniently autofill for me. You need a password to get at these files on my workstation, but now I had them */potentially/* available on the internet.

*Who would care? Seems easy to fix anyway...*

Not that anyone would care to look at my profile, but... There's a simple fix. I moved the working copy of my profile out of htdocs/. Then I just added one line to the post-commit hook script. Now it will copy just the bookmarks.html file to htdocs/ after it updates the working copy. The rest of the solution is unchanged.
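A sketch of the fixed hook as described above, written for this page as an added example and not the author's actual script. It goes one step further than the one-line copy by also checking that no other profile file is still reachable under the web root. The variable names PROFILE_WC and DOCROOT and both function names are assumptions.

```shell
#!/bin/sh
# Added example: publish only bookmarks.html from a profile working copy
# that lives outside the web root. All names here are assumed, not the author's.

# Copy bookmarks.html, and nothing else, from the working copy to the docroot.
publish_bookmarks() {
    wcdir=$1 docroot=$2
    src="$wcdir/bookmarks.html"
    # Accept only a regular file, so a symlink cannot redirect the copy
    # to some other profile file.
    [ -f "$src" ] && [ ! -L "$src" ] || return 1
    tmp=$(mktemp "$docroot/.bookmarks.XXXXXX") || return 1
    # Write to a temp file and rename, so a partial file is never served.
    cp "$src" "$tmp" && chmod 644 "$tmp" &&
        mv "$tmp" "$docroot/bookmarks.html" || { rm -f "$tmp"; return 1; }
}

# Print every file under the docroot that shares its name with a profile
# file other than bookmarks.html. Any output means profile data left over
# from the old layout is still web-reachable. Names are matched as find
# patterns, which is fine for plain file names.
audit_docroot() {
    wcdir=$1 docroot=$2
    find "$wcdir" -name .svn -prune -o -type f -print |
    while IFS= read -r f; do
        name=${f##*/}
        [ "$name" = bookmarks.html ] && continue
        find "$docroot" -type f -name "$name" -print
    done
}

# Hook entry point. Subversion runs hooks with an empty environment, so a
# real post-commit hook would set these two paths itself before this point.
if [ -n "${PROFILE_WC:-}" ] && [ -n "${DOCROOT:-}" ]; then
    svn update --quiet "$PROFILE_WC" &&
        publish_bookmarks "$PROFILE_WC" "$DOCROOT" &&
        audit_docroot "$PROFILE_WC" "$DOCROOT" >&2
fi
```

Running audit_docroot once right after moving the working copy confirms that nothing from the old location was left behind in htdocs/.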