[Baypiggies] Nested plone sites?
Dennis Reinhardt
DennisR at dair.com
Fri Oct 5 00:55:12 CEST 2007
At 03:09 PM 10/4/2007, Ken Seehart wrote:
>www.seehart.com/foobar => http://seehart.webfactional.com/foobar
>www.seehart.com => http://seehart.webfactional.com/seehart.com
Wow! There are three technologies at work here: (1) host file system, (2)
DNS, and (3) Plone/Zope/CMS.
Let's start at (1). Your web files in an ISP account are generally under
some top level directory such as htdocs, public_html, or some other such
directory.
It is good practice to then place separate websites under this:
htdocs/seehart/
htdocs/foobar
These are then assigned to URLs via DNS. If you do not have separate
domain names, then yes, you would have to access the sites as
http://seehart.webfactional.com/seehart
http://seehart.webfactional.com/foobar
Your second URL example above is valid but likely does not parse the way
you think it does. seehart.com is a subdirectory somewhere in the
webfactional file structure.
Doing it this way, you are tied to webfactional.com and cannot move to
another domain. That is why good practice is to have separate domain names.
I know approximately nothing about Plone but nested domains are generally a
bad idea. Suppose, your directory structure is
htdocs/seehart/
htdocs/seehart/foobar
You can surely assign separate domain names via DNS. What is the
problem? The problem is that any access to the foobar subdirectory from
the seehart site will be satisfied by something which is not part of the
seehart site. If/when foobar is split off you will have broken urls.
Even with peer domains, a url using ".." to navigate up the directory tree
and then back down to the other site directory has a chance of succeeding,
depending on site hardening. This used to be a common attack but I have
not seen it in my logs lately. My public Apache server blocks this while
my local (only) IIS server allows it.
Regards, Dennis
---------------------------------
| Dennis | DennisR at dair.com |
| Reinhardt | http://www.dair.com |
---------------------------------
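
The peer-directory layout and the ".." hardening point in the message above, as an added example that is not part of the original post: a Python sketch of the containment check a server applies before mapping a URL onto a per-site directory. The host name www.foobar.example, the /htdocs paths and the function name resolve are assumptions made for illustration.

```python
import posixpath
from urllib.parse import unquote

# Assumed layout from the message: one directory per site under htdocs.
DOCROOTS = {
    "www.seehart.com": "/htdocs/seehart",
    "www.foobar.example": "/htdocs/foobar",  # constructed host name
}


def resolve(host, url_path):
    """Map (host, URL path) to a file path, or None if it leaves the site's root.

    Purely lexical: nothing is read from disk, so symlinks are not followed.
    """
    root = DOCROOTS.get(host.lower())
    if root is None:
        return None
    # Decode once, as a server does before touching the file system,
    # so that %2e%2e is handled the same way as "..".
    decoded = unquote(url_path)
    # Reject NUL bytes and backslashes, which some servers treat as separators.
    if "\x00" in decoded or "\\" in decoded:
        return None
    # Join onto the site root and collapse "." and ".." segments.
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    # Compare whole path segments: "/htdocs/seehart-old" must not pass
    # as being inside "/htdocs/seehart".
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample requests against the seehart site.
    for path in ["/index.html", "/a/../b.html", "/../foobar/index.html",
                 "/%2e%2e/foobar/index.html", "/../seehart-old/x"]:
        print(path, "->", resolve("www.seehart.com", path))
```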