[thelist] CMS Recommendations

Stephen Rider evolt_org at striderweb.com
Tue Oct 6 09:50:13 CDT 2009

On Oct 4, 2009, at 12:09 PM, Christie Mason wrote:

> -----Original Message-----
> From: Stephen Rider
> My corporate site has a bit of functionality where a non-techie
> employee has to upload data to our site.
> I have an Excel script that turns a worksheet into a csv data file,
> and then they upload it via FTP...
> --CM Relies--
> That's potentially a very, very dangerous approach.  Anyone who  
> knows about
> that uploaded file could view it at any time, ex-employees, current
> employees, search engines, and many others.  It's a big security hole,
> especially if the folder's not password protected and the search  
> engines are
> crawling it.  If that's confidential data, then that's the type of  
> exposure
> that leads to headlines and lawsuits.

A legitimate concern.  I should have mentioned that the data directory  
is not public -- it's above the web root level, so not viewable via  
the web.

...though notably the web design firm that made the site did put it in  
the web directory; one of the first things I did was move it.

And in my case it's public data anyway -- it's there for the purpose  
of displaying on a page on the site.    Still -- thanks for the  
caution -- you made an excellent point and I should have been more  


Stephen Rider

More information about the thelist mailing list