/*
    Pagetool
    Copyright 2001,2002 Pagetool Development Team
    pagetool-user@lists.sourceforge.net http://www.pagetool.org/
    $Id: SECURITY.txt,v 1.1 2002/05/03 12:41:46 daveguerin Exp $
*/

SECURITY DISCLAIMER

=====================

Pagetool stores the username and password to your MySQL database 
and an FTP username and password in a file called pt_config.inc. 
This is an include file that is stored outside the web 
tree, so it is not accessible to web surfers. However, by default, 
it is world-readable, meaning any user of the system can read it. 

The reason it is world-readable is so that the user that your web 
server runs as (often the user is nobody, or www, or www-data) can 
read it. If the web server cannot read this file, then Pagetool
will not work properly. 

If you run your own Linux server and you trust all the users of 
your system, then this is not a problem. However, if you do not 
trust the users of your system, or you are being hosted on an 
ISP and you do not have root access to the machine, then you will
need to make some changes.  

IF YOU HAVE ROOT ACCESS
You should add the user that your web server runs under to the 
group that owns the pt_config.inc file. Then, you will need to change
the permissions on pt_config.inc so that it is group readable, but
not world readable.

For example:
The user that your web server runs as is: nobody
The user that owns the pt_config.inc file is: jbrown
jbrown belongs to a group that is also called: jbrown

First, edit your /etc/group file. Find the line that reads something
like: 

jbrown:x:1021:

Change it to read:

jbrown:x:1021:nobody

If there is already a username after the last colon (for example
jbrown:x:1021:ssmith), then add a comma followed by nobody (i.e.
jbrown:x:1021:ssmith,nobody).

If you get stuck, you can try "man group" to get more information
about modifying the group file.

Finally, change the permissions of pt_config.inc so that it is
group readable, but not world readable:

chmod 640 pt_config.inc

IF YOU DO NOT HAVE ROOT ACCESS
If you are running Pagetool on a "shared hosting"
account purchased through an ISP, you will want to make sure
that other accounts on this machine cannot access your
password file. (Try typing "cd /" at the unix prompt. If
you are then able to browse around in various home directories,
your shared hosting account is not secure. If on the other
hand, the root directory you have access to contains only
files related to your account, then your shared hosting
account is most likely secure. Try the same thing after ftp'ing
into your site. See if you can browse other users' home directories.) 

If your site is not secure, then you may need to request a special favor 
from your ISP. Ask them to add the user that the web server runs under
to your group (you may want to email them this security document as an
explanation). Then, change the permissions on your pt_config.inc file
so that it is group readable but not world readable by typing:

chmod 640 pt_config.inc
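
To confirm the result of either procedure above (with or without root access), the following check is an added example and is not part of Pagetool. It reports whether a file such as pt_config.inc is still world-readable and whether the web server user appears in the owning group's line of a group file; the function names and verdict strings are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not Pagetool code): audit a credentials file such as
# pt_config.inc against the 640 + group-membership setup described above.

# Print "world-readable", "group-unreadable" or "ok" for the file in $1.
perm_verdict() {
    [ -e "$1" ] || return 2
    mode=$(ls -ld -- "$1" | cut -c1-10)          # e.g. -rw-r-----
    if [ "$(printf '%s' "$mode" | cut -c8)" = "r" ]; then
        echo "world-readable"                     # any local user can read it
    elif [ "$(printf '%s' "$mode" | cut -c5)" != "r" ]; then
        echo "group-unreadable"                   # web server would be locked out
    else
        echo "ok"
    fi
}

# Succeed if user $2 is in the member list (4th field) of group line $1.
group_line_has_member() {
    members=$(printf '%s' "$1" | cut -d: -f4)
    case ",$members," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_config FILE WEBUSER [GROUPFILE]: print one verdict line.
# Only supplementary membership in GROUPFILE is checked; a user whose
# primary group (in /etc/passwd) is the owning group is not detected.
audit_config() {
    verdict=$(perm_verdict "$1") || { echo "missing"; return 0; }
    if [ "$verdict" != "ok" ]; then echo "$verdict"; return 0; fi
    gname=$(ls -ld -- "$1" | awk '{print $4}')
    line=$(awk -F: -v g="$gname" '$1 == g { print; exit }' "${3:-/etc/group}")
    if group_line_has_member "$line" "$2"; then
        echo "ok"
    else
        echo "web-user-not-in-group"
    fi
}

# Constructed demo using the group lines from the text above.
group_line_has_member "jbrown:x:1021:ssmith,nobody" nobody && echo "nobody is a member"
group_line_has_member "jbrown:x:1021:" nobody || echo "nobody is not a member"
```

On a real installation, run audit_config with the path to pt_config.inc and the user your web server runs as; any verdict other than "ok" means the steps above are incomplete.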

FINAL NOTE ON SAFE MODE
Finally, your ISP may be running PHP with safe_mode enabled. When running 
in safe_mode, PHP's permissions are restricted by the user that owns the script 
being executed. In other words, if you are running in safe_mode, then another 
user on the system will be unable to write a PHP script that reads your 
pt_config.inc. 

However, if you are running PHP with safe_mode enabled, the file upload feature
of Pagetool will not work. To fix it, install Pagetool as you would normally,
then read the pt_config.inc file for instructions on how to use Pagetool's
upload feature via CGI (basically it involves changing a couple of values and
moving the file to your cgi-bin).
