29 Nov, 2009, Brinson wrote in the 1st comment:
Votes: 0
I toyed with some ROM code to change the /area folder to public_html/area/

What kind of security risk does this run, if any? I want builders to be able to just download their areas. I don't care about normal people being able to download them, just don't want it to compromise my server.


What kind of downside would there be to running the entire mud in a web accessible folder?
29 Nov, 2009, Zen_Clark wrote in the 2nd comment:
Votes: 0
Security would depend on the strength of the web server. The downside would be having multiple places of attack that could damage your system. Security is only as strong as your weakest link.
What web server are you running?
29 Nov, 2009, Davion wrote in the 3rd comment:
Votes: 0
Assuming your web server is secure, the only thing I can think of would be if you had logins/passwords (even in md5/crypted form) within your code. Player files, db logins, etc.
30 Nov, 2009, David Haley wrote in the 4th comment:
Votes: 0
I think that it would be Very Bad if players could browse each other's files, even if passwords were hashed in md5 form. But you were asking just about the area directory. Well, if you don't mind random people downloading area files, then sure, why not?

Depending on how you put the area files in the web space, you might have to make sure that you can't do things like: www.yoursite.bla/area/../src/comm.c – whether or not that is possible will depend on how you put the files there, what your webserver does with symlinks (if you used them), if you used rewrite rules instead of symlinks, etc.
30 Nov, 2009, Skol wrote in the 5th comment:
Votes: 0
Yeah, my only concern would be what DH said above, make sure they can't 'back up' into other places they shouldn't.