anyone can access any file under gallery2 folder

choipo Joined: 2005-01-18 Posts: 18	Posted: Thu, 2005-04-21 08:32
	I find that all the file can be accessed by anyone. For example: http://192.168.1.1/gallery2/modules/core/module.inc I don't know how to disable accessiability in some file type. How to set on apache? ---- Gallery URL (optional): Gallery version: 2 beta1 Webserver (with version): Apache 2 Datatabase (with version): Mysql 3 PHP version (eg 4.2.1): 4.2.1 phpinfo URL (optional): Graphics Toolkit(s): Operating system: Web browser/version: G1 version (for migration bugs):
	XUser login Username: * Password: * Create new account Request new password
valiant Joined: 2003-01-04 Posts: 32509	Posted: Thu, 2005-04-21 10:14
	see section "File security" in http://www.edginet.org/techie/website/htaccess.html you need something like .htaccess: <Files *.inc> Deny From All </Files> same for .class google a little ;)

darkknight Joined: 2003-03-01 Posts: 40	Posted: Thu, 2005-04-21 13:18
	shouldnt that really be part of the installer's job? to lockdown the server? Usually I call include files blah.inc.php so that any requests for them return a blank

valiant Joined: 2003-01-04 Posts: 32509	Posted: Thu, 2005-04-21 16:04
	darkknight, no, that should be the part of the admin when he sets up the webserver ;) But yes, maybe this could be added in the installer. Note that this is webserver specific (even if apache is the norm) and that this won't be necessary on most installs. However, you can add a feature request on http://sf.net/projects/gallery/ if you wish.

mindless Joined: 2004-01-04 Posts: 8601	Posted: Thu, 2005-04-21 16:57
	since gallery is opensource anyone can find the contents of those files anyway.. if you're customizing your install and wish to protect modified files then you can setup your webserver to block direct access to those files.

darkknight Joined: 2003-03-01 Posts: 40	Posted: Thu, 2005-04-21 18:09
	good point mindless

anyone can access any file under gallery2 folder

XUser login