Re: [K12OSN] GPL software like schoolmation
Myles O (milo@fullsite.com)
Fri, 21 Feb 2003 20:10:34 -0800 (PST)
Yes that is correct.
Right now the connection info needs to be in the 5
different scripts or else you will have all sorts of
permission problems inside schoolmation. The system will
not be able to identify where you are and if you are
allowed there.
i.e a student could see teacher info.
Myles
schoolmation.net
Quoting Tim Litwiller :
> This really is not much of a problem unless the
unauthorized user can
> browser the dile system with ftp or samba, make sure
they can't do
> that, One suggestion I would make is to put the
connection info in one
> file and include_once in the files where it currently
is, you should
> only have to put that information in once, not 5 times.
>
> >The connect scripts problem is not a problem at all I
> >believe. It is how most (if not all) mysql systems work.
> >The important thing is to make sure that the .php is on
> >the end of the connect script so as no one can read the
> >file by just typing in the url.
> >
> >We have not had an instance of this being a problem with
> >any school so far. I repeat that most people do it this
> >way in one form or another.
> >
> >If it really worries you you could put the connect
> >scripts outside the web space. It will not be easy but
> >it could be done. You will have to move other files with
> >the connect scripts as well. i.e check.inc.php and
> >checkuser.php. PHP can require or include files from
> >directories outside the web space.
> >
> >Myles
> >schoolmation.net
> >
> >
> >
>
>
>
>
>
> _______________________________________________
> K12OSN mailing list
> K12OSN@redhat.com
> https://listman.redhat.com/mailman/listinfo/k12osn
> For more info see
>
_______________________________________________
K12OSN mailing list
K12OSN@redhat.com
https://listman.redhat.com/mailman/listinfo/k12osn
For more info see