security
Dec 08, 2008
Quills Weblog Admin
Quills weblog admin portlet shouldn't display to non-privileged users.
A bug I encountered with the Quills weblog product is the weblog admin portlet being viewable to non-privileged users. This was not a desired result, so off to Google I went.
Luckily there was already a diff I could use to patch the offending code in parts/instance/lib/python/quills/app/portlets/weblogadmin.py.
Here is the link to the diff: http://dev.plone.org/collective/changeset/52562/quills.app/trunk/quills/app/portlets/weblogadmin.py?format=diff&new=52562 . Patch the file and the portlet is no longer viewable to non-privileged users.
Dec 03, 2008
What You Don't Know
Earlier today while logged into IRC, someone asked what the repercussions of chmod 644 /var/log/messages would be. Wanting to save someone from themselves (as well as work on my people skills), I replied.
Logs are mostly a security tool and the default permissions are in place as part of the security. I would recommend a tool such as logcheck, which is fairly easy to configure out of the box. It will also mail reports to the user of your choice.
I must be getting into the holiday spirit.
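To check whether a log tree has already drifted toward the permissions asked about above, here is a small audit script. It is an added example, not part of the original post; it assumes a POSIX find and GNU stat, and the function names world_accessible_logs and audit_logs are hypothetical.

```shell
#!/bin/sh
# Added example: flag log files that "other" can read or write, which is
# what chmod 644 /var/log/messages would introduce for that file.
# Assumptions: POSIX find, GNU stat; function names are hypothetical.

# Print each regular file under $1 (default /var/log) whose mode has the
# other-read (004) or other-write (002) bit set.
world_accessible_logs() {
    find "${1:-/var/log}" -type f \( -perm -004 -o -perm -002 \) -print 2>/dev/null | sort
}

# Print "mode owner:group path" for every finding.
# Returns 1 if anything was found, 0 if the tree is clean.
audit_logs() {
    list=$(world_accessible_logs "$1")
    [ -z "$list" ] && return 0
    printf '%s\n' "$list" | while IFS= read -r f; do
        stat -c '%a %U:%G %n' "$f"
    done
    return 1
}

# Run the audit only when a directory is given on the command line,
# for example: sh audit_logs.sh /var/log
if [ "$#" -gt 0 ]; then
    audit_logs "$1"
fi
```

A non-zero exit status means at least one file needs review, so the script can run from cron alongside a log reporting tool.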