Fog Creek Software
Discussion Board

Knowledge Base
Terry's Tips
Darren's Tips

citydesk.xml - security problems?

Here's the scenario. I'm creating a website. A lot of the website is public, but some is private. I'm not doing this via Audience because I don't want to publish the site twice, so I create password protected directories, using HTAccess or some other security mechanism.

There may be a link to the secure directory "click here for file repository, password required" or you can just pass out the URL to those who you want to know,

Being a Citydesk user, I know I can go to any CityDesk site and type in "citydesk.xml" in the root and get a listing of files. Now, perhaps I can't access them, but I can at least see what their names are. Whether it's "love letter to margo.doc" or "memo on plans to buy out enron.pdf" the filename alone may be enough to get me into trouble.

Are there any plans to somehow encrypt this file? Even randomizing the filename would be some level of security.

Mark W
Sunday, February 24, 2002

Encrypt it? Yikes! Why bother making it XML if you're going to make it unreadable?

I think the solution is to tell your web server to not allow people to look at it. Or simply use the file-system to make it inaccessable.

Maury Markowitz
Sunday, February 24, 2002

Yeah that is a good workaround solution. A simple CHMOD should do the trick. I'm not a *NIX guru, so I'll assume CityDesk won't do anything to change that status - like delete the citydesk.xml and then re-write it?

I just thought about this again because I wanted to publish a file on my site with all my passwords in it. I could put it in it's own directory with an .htaccess file, but it seems like more trouble than it should be.

Mark W
Monday, February 25, 2002

Hmmm, good question on what CD will do. This might be a good place for a switch in the app, one that will "unprotect" the existing file and delete it, then write the new one and protect it. It could be called something to the effect of "Protect site file" or somesuch?

Maury Markowitz
Monday, February 25, 2002

Technically, Citydesk doesn't touch the file on the server -- the server's ftp daemon touches the file.

I don't think web servers would change the security bits, though.

Joel Spolsky
Monday, February 25, 2002

I think the problem is that if we do read-protect the file (at least from certain groups) CD (ok, ok, the ftp :-) might not be able to write over it the next time you do a Publish.

The more I think about it though, this should still be doable. Make an account for the CD login and put it in some group. Set the xml file to world-no permissions, cd group-RW, user-everything.

I think that would do it. It's a bit geeky though, it might be nice to have this in the manual somewhere.

Maury Markowitz
Tuesday, February 26, 2002

*  Recent Topics

*  Fog Creek Home