[lug] web site advice needed

Quentin Hartman qhartman at gmail.com
Wed Sep 11 08:36:34 MDT 2013


It depends on how you have the permissions setup. The "normal" way these
days is to have the installation writeable by the web server user, and it
uses http via php to download the update and then installs over itself.
That in itself introduces some risk, so the recommended practice is to have
stuff locked down during the normal run of things, then relax the
permissions only when you want to update.

Q


On Wed, Sep 11, 2013 at 8:31 AM, Michael J. Hammel <
mjhammel at graphics-muse.org> wrote:

> On Tue, 2013-09-10 at 22:48 -0600, Sean Reifschneider wrote:
> > the latest stuff?  I've been running my personal blog on WordPress for a
> > couple of years, and WordPress *REALLY* has got its shit together in this
> > regard.  I go to my admin interface, and it tells me there are X upgrades
> > available.  I click a button or two, and they are applied.
>
> Doesn't the point-n-click updates require an open ftp port?  I've been
> doing my updates at home and then pushing the whole thing back to my web
> site.  I wouldn't mind doing it the easy way but I'm a bit leary of an
> open ftp site.
>
> Truth be told: I haven't really investigated its use once I saw "ftp" as
> a requirement.  Can you describe what you did to enable this safely?
> --
> Michael J. Hammel                                    Principal Software
> Engineer
> mjhammel at graphics-muse.org
> http://graphics-muse.org
>
> ------------------------------------------------------------------------------
> Market research firms tend to serve the same function for the PC industry
> that a lamppost does for a drunk.  -- Robert X. Cringley, "Accidental
> Empires"
>
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lug.boulder.co.us/pipermail/lug/attachments/20130911/4a89cfbe/attachment.html>


More information about the LUG mailing list