Our website is on a shared server and we can change file and directory permissions using cPanel. What are the recommended permissions for the IPN Listener and the IPN Log file?
Currently, they are both set to "0644". However, the Log text file can be viewed through a web browser if you know the URL, which can't be good. I don't see any recommendations on PayPal for this.
I did see an older post that mentioned 0755 for the Listener. Is this still recommended?
File permissions generally don't correlate with whether people can access your files through the web. Permissions only relate to what users and programs on the local server can access the file how.
The ideal permissions would be the minimum required for the web server to serve the file, and for you to be able to upload/edit it.
644 is very common I think, but because it's a shared server, I'd check with the server administrator for the optimal setting.
If you have a log text file that you don't want to be viewed through the web, the safest way is definitely to place it outside the web root.
Related
I am have AWS EC2 Server with my App Backend and Database there.
My new developer needs to upload few things in the Database and update Backend code but I don't want to give him the PEM.
He needs to SSH
Whats the best possible way to do it? I was thinking of creating an IAM User for him - but I only want him to give SSH Access, so permission would that be? I could only find a general full permission EC2 which would also give him permission to edit the Security Group and things like that.
I do trust him well, but I just don't want to give him full access in general.
What can I do?
Why not allow your developer to connect using session manager.
If you use this he can access the environment either in his browser or via the AWS CLI.
He should be able to mimic a regular session but without having the key, then when he's done you remove the permissions of the server. You can also enable logging to check the history of his sessions actions.
If you want to update code you should at some point take a look at using code deploy to have the code automatically rolled out without even accessing the server.
My target site needs AD auth to browse and use the admin portal. All is fine there. This means syncing to this server via username and password authentication doesn't work. Does this mean i need to enable x.509 authentication?
If you mean using the Staging Module, the staging module's "Username and password" really is not linked to the actual CMS Users. You can put whatever Username and Password on the Destination server, and connect to it from the Source.
x.509 is also fine.
Tell me if you aren't talking about the Staging Module though.
You may need to do 1 of 2 things:
Enable mixed mode authentication. Yes the overall authentication doesn't need to use a physical cms_user user but since you have AD Authentication enabled, anytime another user or service tries to access a system page it may require them to log in.
Create a web.config location node in your /CMSPages/Staging/web.config file that excludes anyone or everyone to access a the SyncServer.asmx page within there.
Otherwise configure the x.509 certificate setup.
I'm using moodle 2.7 ,i need to use LDAP authentication for allowing users to login using external LDAP server(with their username and password).i have tried with the apache directory studio.But i got "Invalid login" error.But the login details were correct.
Please suggest me with some other LDAP server and how to add user details in that server and do authentication in moodle.
FusionDirectory is a reasonable alternative. It's based on OpenLDAP and it's pretty well documented.
Assuming that you're in a Linux environment, you can install it relatively easily/quickly via SSH. Once the download is complete, follow the on-screen instructions which is not that wildly different from setting up any odd CMS/LMS. The default URL is yourdomain.url/fusiondirectory.
When that's all done and dusted, you'll be taken back to the login page where you can sign in for the first time using the credentials you created during the set up process.
You can use your dashboard to add users/groups.
Once you've got a few users in there, it's now time to jump back to Moodle. Hop over to Site Admin -> Plugins -> Authentication -> Manage Authentication and enable "LDAP Server" then open up its settings. Fill in the details of your LDAP server such that it matches the details of the FusionDirectory.
This will set up the connection, but you will finally need to set up a cron job to regularly sync your databases together. Jump to SSH or cPanel->Cron jobs (Whatever option you prefer) and run the following crontab:
wget -q -O /dev/null https://yourdomain.url/auth/ldap/cli/sync_users.php
It's up to you how frequently you choose to set it.
HTH.
We currently have a FileMaker Server instanace running, it already has PHP web publishing running.
I'm just wondering is it as simple as ticking enable XML web publishing for it to be up and running or have I got to restart the server??
Thanks
You need to enable it in the server deployment, then you need at least 1 user account in the file with the extended privilege to grant access via php/xml/iwp etc. You will need a user account in EACH file you want to have access to with the appropriate extended privilege.
Then comes the fun of actually working with the FMXML or FMPHP engine hehe.
I have a application .net that search a folder on report server and reads the reports inside that folder and display on asp.net page. The permissions for the asp.net user are working fine to deploy and execute on website.
Now, I want to users to deploy on "My reports" folder, so they only see theirs reports.(The users have access to report server and use report builder).
I search and I could not find a solution for this:
I want to give permissions to an a user (the same that is running on asp.net server), to access all "My reports" folder of all users(Users Folder), so I can execute the reports inside users folder on website.
I put the asp.net server user as local administrator of the report server, but with that permission te user can only see the content of the folder, this user can not execute the report. Any idea what is the problem?
I finally found a solution, and does not involve add users to local administrator of the machine.
I used the IAuthorizationExtension.
I found this example that enable anonymous access for all users witch was a start.
On my implementation I used WindowsAuthorization, because I want to keep the existing authorization and give access to one specific user. On all CheckAccess methods I check if the user is the one I want to give access and return true otherwise return the WindowsAuthorization.CheckAccess(...). On all others methods of the interface I also used the WindowsAuthorization.
With this solution the user running website can access all content of reporting services.