Skip to the Main Content

Note:These pages make extensive use of the latest XHTML and CSS Standards. They ought to look great in any standards-compliant modern browser. Unfortunately, they will probably look horrible in older browsers, like Netscape 4.x and IE 4.x. Moreover, many posts use MathML, which is, currently only supported in Mozilla. My best suggestion (and you will thank me when surfing an ever-increasing number of sites on the web which have been crafted to use the new standards) is to upgrade to the latest version of your browser. If that's not possible, consider moving to the Standards-compliant and open-source Mozilla browser.

October 13, 2002


If you don’t (or can’t) go the cgiwrap/suexec route, the alternative “dumb” recommendation in the Movable Type setup instructions is to set the permissions on your blog directory to 777.

I suppose this is necessary if you don’t have administrator access on your web server. The UID under which the web server runs needs to have write-access to your blog directory. So you either use cgiwrap or suexec to grant the CGI-scripts write-access to all your files, or you make your blog directory writable by anyone (including the web server).

But if you do have administrator access, then there is obviously a more secure alternative: change the ownership of the blog directory to match the UID of the web server (under MacOSX, this is “www”).

Since some significant fraction of their users do run their own web servers, it behooves the MT people to explain this, rather than offering the other two, distinctly inferior, solutions.

If this is what their Installation instructions are like, it makes me wonder about the attention to security in the software itself.

I have to admit, though, that they have put together a very extensive blog management package, and made it freeware. So I shouldn’t complain …

Posted by distler at October 13, 2002 6:19 PM

TrackBack URL for this Entry:

0 Comments & 0 Trackbacks

Post a New Comment