
Program Configuration

Please always bear in mind that heitml pages are in fact programs running on your Web server. Since these programs are written by customers, there is a risk that they misbehave, intentionally or unintentionally. The heitmlsecure option forbids any heitml program to access the file system (except through the include feature). This way a misbehaving heitml page cannot reveal or destroy files on your disk.

  heitmlsecure         on

Always switch on heitmlsecure explicitly in httpd.conf to prevent users from switching it off in a .htaccess file.

The include feature of heitml is the way heitml scripts include and execute library files. Using the heitmlinclude directive you can specify include directories. All include directories are searched for the requested include file. Include directories are visited in the order of the heitmlinclude directives given in the config file. However, heitmlinclude directives given in a more specialized section, e.g. in a directory or virtual server section or in a .htaccess file, are visited first.

All users should have an include directive for the heitml lib directory in their path. Users of heitml 1.2 might want to use the lib1.2 directory for compatibility reasons. Users of RADpage in addition need the control directory in the path before the lib directory; it is needed for editing only.

  # include heitml libraries
  heitmlInclude         /usr/local/heitml/heitml2.1/control
  heitmlInclude         /usr/local/heitml/heitml2.1/lib
  # include the layout
  heitmlInclude         /home/demo/website/docroot/layout

Finally, each heitml Web site needs a layout directory that contains layout files. Layout files are just ordinary include files, but usually they are local to each client. In addition, clients can use .htaccess files to specify their own include directories.

  heitmllib            /usr/local/heitml/heitml2.1/lib/lib.hei
  heitmlcodepath       /usr/local/heitml/heicode

heitmlcodepath specifies a directory where heitml stores its code files. The Web server must have write access to the code files and users must not, since changing a code file could be used to compromise the security of the Web server. heitmllib specifies a heitml code library. The library contains a preprocessed version of the heitml component libraries and so avoids compiling parts of the library into every code file. This saves significant disk space on code files.

Include files, however, carry the risk that a user includes a file he is not allowed to read. heitml runs with the user rights of the Web server user, so it has the same rights as Apache. Thus every file the Web server user can read could potentially be included. By setting the heitmlincludeall directive to off, users can only specify include directories that are subdirectories of the directory containing the .htaccess file. In addition, heitmlincludeall must be set to off because otherwise users could put symlinks into include directories that point to files they are not allowed to read.

  heitmlincludeall     off

In any case, be aware that there is an inherent risk that all files the Web server user can read will be revealed. Note that Apache modules and CGI scripts can read all these files. A simple Apache misconfiguration might make Apache serve these files, e.g. you must make sure that Apache never follows symlinks. Finally, bugs in heitml (or any other Apache module) might reveal such information. So you should never put confidential data on a Web server and at the same time allow multiple clients to upload scripts or .hei pages to that server.
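As an added example that is not part of heitml or this documentation, the following Python script checks the conditions described above from the administrator's side: heitmlsecure on and heitmlincludeall off set outside any section of httpd.conf, no Options line enabling FollowSymLinks, no symlink in a client's include directory that resolves outside it, and a heitmlcodepath directory writable only by the Web server user. The httpd.conf text and the temporary directories it inspects are constructed for the demonstration, and the assumption that the code path is owned by the Web server user, together with all function names, is mine rather than heitml's.

```python
"""Added example (not heitml's own code or H.E.I. documentation): checks for
the settings discussed above, on a POSIX host. The sample httpd.conf text and
the temporary directories are constructed here for the demonstration."""
import os
import stat
import tempfile

# Constructed sample httpd.conf; only the directive names come from the page.
SAMPLE_HTTPD_CONF = """\
heitmlsecure        on
heitmlincludeall    off
heitmlcodepath      /usr/local/heitml/heicode
heitmlInclude       /usr/local/heitml/heitml2.1/lib
<Directory /home/demo/website/docroot>
    Options Indexes FollowSymLinks
    heitmlInclude   /home/demo/website/docroot/layout
</Directory>
"""


def audit_httpd_conf(text):
    """Return a list of findings for the settings this page calls out.

    Directive names are matched case-insensitively, as Apache does. A setting
    counts as server-wide only when it appears outside every <...> section,
    so a value that only shows up inside <Directory> does not satisfy it.
    """
    findings = []
    depth = 0
    secure_global = False
    includeall_global = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("</"):          # closing a section
            depth -= 1
            continue
        if line.startswith("<"):           # opening a section
            depth += 1
            continue
        name, *args = line.split()
        name = name.lower()
        if name == "heitmlsecure" and depth == 0 and args and args[0].lower() == "on":
            secure_global = True
        elif name == "heitmlincludeall" and depth == 0 and args:
            includeall_global = args[0].lower()
        elif name == "options":
            # "+FollowSymLinks" also enables it; "-FollowSymLinks" does not.
            if any(a.lower().lstrip("+") == "followsymlinks" for a in args):
                findings.append(f"line {lineno}: Options enables FollowSymLinks")
    if not secure_global:
        findings.append("heitmlsecure is not set to 'on' at server level")
    if includeall_global != "off":
        findings.append("heitmlincludeall is not set to 'off' at server level")
    return findings


def escaping_symlinks(include_dir):
    """Symlinks below include_dir whose target resolves outside it.

    This is what a client could plant if heitmlincludeall were on: a link to
    a file the Web server user can read but the client cannot. Links are not
    followed while walking, so a linked directory is reported, not entered.
    """
    root = os.path.realpath(include_dir)
    found = []
    for dirpath, dirnames, filenames in os.walk(include_dir):
        for entry in dirnames + filenames:
            full = os.path.join(dirpath, entry)
            if os.path.islink(full):
                target = os.path.realpath(full)
                if os.path.commonpath([root, target]) != root:
                    found.append((full, target))
    return found


def codepath_problems(path, webserver_uid):
    """Findings for a heitmlcodepath directory. Assumption (not on the page):
    the directory is owned by the Web server user, which gets write access,
    while group and others get none."""
    st = os.stat(path)
    problems = []
    if st.st_uid != webserver_uid:
        problems.append("not owned by the Web server user")
    if not st.st_mode & stat.S_IWUSR:
        problems.append("owner cannot write to the code path")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("group or others can write to the code path")
    return problems


def demo():
    """Build constructed fixtures in a temp dir and run all three checks."""
    base = tempfile.mkdtemp(prefix="heitml-audit-")
    layout = os.path.join(base, "layout")          # a client's include dir
    os.mkdir(layout)
    secret = os.path.join(base, "secret.conf")     # lies outside layout/
    open(secret, "w").close()
    open(os.path.join(layout, "ok.hei"), "w").close()
    os.symlink(secret, os.path.join(layout, "leak.hei"))
    codepath = os.path.join(base, "heicode")
    os.mkdir(codepath)
    os.chmod(codepath, 0o777)                      # deliberately too open
    return {
        "conf": audit_httpd_conf(SAMPLE_HTTPD_CONF),
        "links": [os.path.basename(p) for p, _ in escaping_symlinks(layout)],
        "codepath": codepath_problems(codepath, os.getuid()),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Run it against a real configuration by passing the contents of httpd.conf to audit_httpd_conf, each client's include directory to escaping_symlinks, and the heitmlcodepath directory with the Web server's uid to codepath_problems; an empty result from each means the conditions discussed on this page hold.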

This page was dynamically generated by the web application development tool RADpage of H.E.I.



© 1996-2024 H.E.I. All Rights Reserved.


