Neil Turner's Blog

Blogging about technology and randomness since 2002

BlogTorrent Security

I’m strongly considering dumping the copy of BlogTorrent that I have running on my ISP’s web space, now that I’ve realised that most of the settings are viewable by anyone who can guess the URL of the file. The installation does warn about this but doesn’t really offer a solution, and setting the config files so that they don’t have read permissions for all users stops the program from working.
I can probably fix it with a .htaccess file to prevent any IP address that isn’t the server from accessing the files but it’s not ideal. If you have BlogTorrent set up, you may want to bear this in mind. I appreciate that BlogTorrent was designed to be easier to set up than other torrent trackers but this one presents an unacceptably high security risk if not checked out.
By the way, this month’s Windows security updates are out (I had 3) and Mozilla Firefox 1.0.5 is out, fixing 12 security flaws, 2 of which involved arbitrary code execution. Deer Park Alpha 2 is also out.

One Comment

  1. Downloading Deer Park now Neil. I saw no purpose in BlogTorrent anyway