Results
Learning Movable Type, Tutorials, 25 KB, 1231 words
Co-authored by Elise Bauer and Arvind Satyanarayan. Tutorial cross posted on Movalog and Learning Movable Type
The installation instructions in the Movable Type Install Guide contain a section in the Configuration area called Enable Security Features. These instructions tell you to uncomment the Umask lines in your mt.cfg if your server is running cgiwrap or suexec. If you don't know what CGIwrap or suEXEC are, you may be tempted to skip this step. Don't. This step gives your MT installation extra security, which we will explain. (Note that this tutorial is only appropriate for MT installations on Linux/Apache web servers.)
What is CGIWrap or suEXEC?
CGIWrap and suEXEC are features...
continue reading ...
Movalog, News, 35 KB, 1825 words
Co-authored by Arvind Satyanarayan and Elise Bauer Tutorial cross posted on Movalog and Learning Movable Type
The installation instructions in the Movable Type Install Guide contain a section in the Configuration area called Enable Security Features. These instructions tell you to uncomment the Umask lines in your mt.cfg if your server is running cgiwrap or suexec. If you don't know what CGIwrap or suEXEC are, you may be tempted to skip this step. Don't. This step gives your MT installation extra security, which we will explain. (Note that this tutorial is only appropriate for MT installations on Linux/Apache web servers.)
What is CGIWrap or suEXEC?
CGIWrap and suEXEC are features...
continue reading ...
Six Apart User Manual, Manuals, 23 KB, 470 words
Running Movable Type with suexec or cgiwrap
Problem
You want to make your Movable Type system more secure with suexec or cgiwrap.
Solution
Run the system under cgiwrap or suexec.
Discussion
cgiwrap and suexec are special tools on the web server that allow your CGI scripts to be executed as "you", rather than as the web server. This simplifies Movable Type installation, because you no longer have to set permissions on your weblog or db directories, although you still need to set the permissions on the CGI scripts themselves. It is also more secure, because your weblog...
continue reading ...
Learning Movable Type, News, 25 KB, 1329 words
Updated 12:30 am PST, Oct 4
Wednesday morning, September 29th, Learning Movable Type and some of the other MT weblogs hosted at elise.com were intruded by a spammer who placed popup generating code on the MT index and archive templates. Not being aware of the additional code on my templates, as I rebuilt the pages of my weblogs, the rebuilt pages included this code which generated an obnoxious spam popup window every time someone visited the page. I apologize to all who may have been inconvenienced by this, and thank those of you who brought it to my attention.
The good news is that the spammer could have done a lot of damage to the site, but didn't. The bad news is I'm not sure...
continue reading ...
Six Apart User Manual, Manuals, 62 KB, 5230 words
With broad platform integration of all the leading open standards, Movable Type has the potential to do much more, given additional expertise and knowledge on the user's part.
This chapters covers some of the more advanced features in addition to providing a starting point for more advanced topics not covered in this publication.
Architectural Overview
Movable Type is written in a highly modular Perl object-oriented style with an open code base (it's not open source -- an important distinction) that makes the browser-based tool quite flexible and easily modifiable, allowing it to adapt to any number of...
continue reading ...
Learning Movable Type, News, 21 KB, 744 words
Updated again Monday night, midnight, Oct 4
This post is in reference to: Attacked!. I've posted the following update on that post and here.
One possible way that this attack could have happened is if someone else on my shared web server used a simple php script to read my database username and password. With this information, he or she could have accessed my MySQL database and made changes to the templates. I have sent a request to my web host to address how they handle PHP security. In particular, I was advised to suggest that my web host start using a PHP directive called "open_basedir" to restrict the files that PHP can open. The information on this directive can be found...
continue reading ...
Learning Movable Type, Tutorials, 22 KB, 866 words
Installing Movable Type requires uploading many files to a web server using an FTP (File Transfer Protocol) program. The files must be loaded in the proper format and then the correct permissions must be set for each of the files in order for MT to work. If you are new to FTP then the Movable Type instructions (see MT Installation Manual: Uploading Files) can seem a little confusing.
FTP
Installing Movable Type requires that you know how to use an FTP program. FTP stands for File Transfer Protocol. There are many FTP programs available; typing "FTP" into Google will yield several. For my Mac, I use Fetch. Transmit and Cyberduck for the Mac have also had good reviews. Leech FTP has been recommended as a good Windows FTP client, as well as...
continue reading ...
Six Apart User Manual, Manuals, 191 KB, 7959 words
This section of the appendix details all configuration directives that can be defined in mt-config.cgi. Through use of these directives, you can control numerous aspects of the system.
Except for those which define things specific to your system (e.g. CGIPath and your database settings), all of them have defaults set by Movable Type. This means that not every directive will appear in mt-config.cgi. If you wish to override the default for a setting which does not appear in the file, simply add it and the desired value to your mt-config.cgi.
...
continue reading ...
Six Apart User Manual, Manuals, 30 KB, 1587 words
2.1 (2002.05.02)
• Added webMaster, language, lastBuildDate, and pubDate to both RSS templates. • Added encode_html="1" to all RSS fields that didn't have it already. • Added Norwegian dates. • Added test for mt-check.cgi to determine whether we are running under cgiwrap or suexec. • Added a new global tag attribute encode_url (thanks to Scott Andrew LePera and others for the idea). • Changed the behavior of the publish flag in blogger.newPost; previously, if set to false the new entry would be saved as a draft. This was a bad idea, for...
continue reading ...
Learning Movable Type, Tutorials, 25 KB, 1722 words
Updated October 16, 2004
The results of the LMT Web Host Survey are in! Thanks to all who participated.
The first step in installing Movable Type is making sure that your web host meets MT requirements. In addition to the basic requirements there are many other factors to consider, in particular the quality of support, the reliability of the service, and the degree to which the host's staff is familiar with Movable Type. Which web host you choose can make a big difference in terms of the ease with which you install and maintain your MT weblog.
What to Look for in a Host Provider
Absolutely Necessary: 1. Ability to run custom CGI scripts 2. Perl installed on server, version...
continue reading ...
Learning Movable Type, Tutorials, 34 KB, 2704 words
This tutorial is written by LMT guest author Sarah Hughes of This Chick (aka Maddy in the MT Forums).
Many customizations for Movable Type call for using PHP scripts that require that your pages have a .php extension rather than a .html or .htm extension.
PHP is a server-side scripting language which involves a) the server looking at your pages for a PHP script, b) running the script, and c) outputting the results to the page. This is called "parsing". In order to successfully use PHP in your pages, you need to ensure that your account on your webserver is set up to parse your pages for PHP scripts. This feature is pretty standard these days, but check with your webhost before...
continue reading ...
Six Apart User Manual, Manuals, 21 KB, 297 words
UploadUmask
When creating files and directories, Movable Type uses umask settings to control the permissions set on the files. If you are running under cgiwrap or suexec, you should use a value of 0022 for all of these settings.
Default values: 0111 (DBUmask, HTMLUmask, UploadUmask), 0000 (DirUmask)
Example: UploadUmask 0022
Permalink
...
continue reading ...
Six Apart User Manual, Manuals, 21 KB, 297 words
DBUmask
When creating files and directories, Movable Type uses umask settings to control the permissions set on the files. If you are running under cgiwrap or suexec, you should use a value of 0022 for all of these settings.
Default values: 0111 (DBUmask, HTMLUmask, UploadUmask), 0000 (DirUmask)
Example: DBUmask 0022
Permalink
...
continue reading ...
Six Apart User Manual, Manuals, 21 KB, 297 words
DirUmask
When creating files and directories, Movable Type uses umask settings to control the permissions set on the files. If you are running under cgiwrap or suexec, you should use a value of 0022 for all of these settings.
Default values: 0111 (DBUmask, HTMLUmask, UploadUmask), 0000 (DirUmask)
Example: DirUmask 0022
Permalink
...
continue reading ...
Six Apart User Manual, Manuals, 21 KB, 297 words
HTMLUmask
When creating files and directories, Movable Type uses umask settings to control the permissions set on the files. If you are running under cgiwrap or suexec, you should use a value of 0022 for all of these settings.
Default values: 0111 (DBUmask, HTMLUmask, UploadUmask), 0000 (DirUmask)
Example: HTMLUmask 0022
Permalink
...
continue reading ...
Learning Movable Type, Tutorials, 16 KB, 522 words
Movable Type lets you have as many weblogs as you want on the same installation of MT. Once you have a weblog up and running, you should be able to easily add another one. In fact, it's a good idea to have a separate test blog to try out different style and format customizations before launching them on your working site. (Note that these instructions are for those who already have Movable Type installed and working.)
1. Create a new directory on your server for where you want the new weblog to reside. (Typically this is done with an FTP program.) Within that directory, create another directory for your archives.
2. On the MT Main Menu, select Create New Weblog.
Note the popup window with...
continue reading ...