[thelist] CMS Recommendations

Christie Mason cmason at managersforum.com
Tue Oct 6 12:34:56 CDT 2009

> -----Original Message-----
> From: Stephen Rider
> My corporate site has a bit of functionality where a non-techie
> employee has to upload data to our site.
> I have an Excel script that turns a worksheet into a csv data file,
> and then they upload it via FTP...
> --CM Relies--
> That's potentially a very, very dangerous approach.  Anyone who  
> knows about
> that uploaded file could view it at any time, ex-employees, current
> employees, search engines, and many others.  It's a big security hole,
> especially if the folder's not password protected and the search  
> engines are
> crawling it.  If that's confidential data, then that's the type of  
> exposure
> that leads to headlines and lawsuits.

A legitimate concern.  I should have mentioned that the data directory  
is not public -- it's above the web root level, so not viewable via  
the web.

...though notably the web design firm that made the site did put it in  
the web directory; one of the first things I did was move it.

And in my case it's public data anyway -- it's there for the purpose  
of displaying on a page on the site.    Still -- thanks for the  
caution -- you made an excellent point and I should have been more  


--CM Relies--

That's good to know.  I just didn't want anyone else thinking that was the
right thing to do w/o thinking through the security implications.

Christie Mason

More information about the thelist mailing list