[Bug 220931] Review Request: ZoneMinder - Linux CCTV package

bugzilla at redhat.com bugzilla at redhat.com
Sun Jun 24 20:19:37 UTC 2007


https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=220931





------- Additional Comments From tibbs at math.uh.edu  2007-06-24 16:19 EST -------
I didn't realize that the files were actually served directly out of the events
directory.

Your solution seems to be about as good as possible, except that in addition I
think you could consider disabling indices in those directories (or everywhere
in the zm directory).  Frankly I don't understand why it might be useful to have
them enabled.  You might also consider documenting how to disable
ZoneMinder's login and set up regular Apache access control in this case.

It's really not much protection as it should be trivial to guess the directory
structure there; zm would have to switch to using random strings instead of
whole numbers starting at 1 for cameras and events if the authors don't want to
switch to serving that data via a CGI.

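The two Apache-side measures suggested in the comment above (no directory indices, and Apache's own access control in front of the directly served event files), sketched as an added configuration example. It is not part of the original message or of the ZoneMinder package; the directory path, realm name and password-file path are placeholders.

```apache
# Added example, not the package's shipped configuration.
# /path/to/zm is a placeholder for wherever the ZoneMinder web files
# (including the events directory) are installed.

# Before: auto-indexing on. A request for a directory URL that has no
# index file returns a listing of its subdirectories and files.
#<Directory "/path/to/zm">
#    Options +Indexes
#</Directory>

# After: no listings anywhere under the zm directory, and Apache
# authenticates every request itself, including direct requests for
# files under events/ that never pass through ZoneMinder's login.
<Directory "/path/to/zm">
    Options -Indexes
    # Keep a .htaccess file from turning Indexes back on.
    AllowOverride None

    AuthType Basic
    # Constructed realm name.
    AuthName "ZoneMinder"
    # Placeholder path; create the file with htpasswd and keep it
    # outside the document root.
    AuthUserFile "/path/to/zm.htpasswd"
    Require valid-user
    # Basic auth sends the password with every request, so serve this
    # directory over TLS only.
</Directory>
```

With `-Indexes`, a request for a directory that has no index file gets a 403 instead of a listing. The numbered camera and event paths are still guessable, so it is the `Require valid-user` line, not the missing listing, that keeps unauthenticated clients away from the files.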