Posted on

WordPress and UNIX security (part 2)

In an effort to secure my blog I once again did battle with the mighty Word press. It seems that you can run a perfectly healthy blog with no write permissions by the HTTP server (usually www-data) to your service directory.

What do I suggest? Change owner ship to root on your blog area. When you know that you need to upload stuff to Word press then open the permissions on the relevant folders. This happens when you want to add or remove plug-ins, upload media, themes etc. After the relevant operation clamp down on security again. There are plugins (like xLanguage) that write all kinds of junk log files into the upload folder as part of their operation. Obviously you cannot use these if you want better security.

Advantages: better security.
Disadvantages: A little discomfort and the need to write very simple short script to do the chmod for you. The Inability to use certain brain dead plug-ins.

Posted on

Firefox favicon cache is over caching

I’ve recently tried setting some sites icon to appear as the small icon you see at the tab you are browsing it. This icon is called favicon.ico and is located in your servers root directory which resides in /var/www on standard systems. When changing this icon and reloading the page in Chrome the icon got updated promptly. No such luck with Firefox. The only way I found to do it is to go to the Firefox cache which is at ~/.mozilla/firefox/[some instance of firefox]/Cache and remove the icon. The problem is that the cache folder shows files whose names are hash keys of the cache which means that you need to find the file. Usually something like file * | grep icon can help. If you know the exact size of the icon you are looking for this could help also or if you have the actual icon file you are trying to erase from the cache you can just explicitly run a search for it using cmp(1).

Addendum: A much easier way is just to point your browser at the favicon URL which should update it’s cache just for this URL. In Firefox this worked even without browser restart.
In addition to all of the above in Firefox the bookmarks tool bar could show a different favicon than the tab. For this you can install “Bookmark Favicon Changer” as an extension and set the icon yourself.