anyone can access any file under gallery2 folder
choipo
Joined: 2005-01-18
Posts: 18 |
Posted: Thu, 2005-04-21 08:32 |
I find that all the file can be accessed by anyone. I don't know how to disable accessiability in some file type. ---- |
|
Posts: 32509
see section "File security" in http://www.edginet.org/techie/website/htaccess.html
you need something like
.htaccess:
<Files *.inc>
Deny From All
</Files>
same for .class
google a little ;)
Posts: 40
shouldnt that really be part of the installer's job? to lockdown the server?
Usually I call include files blah.inc.php so that any requests for them return a blank
Posts: 32509
darkknight, no, that should be the part of the admin when he sets up the webserver ;)
But yes, maybe this could be added in the installer. Note that this is webserver specific (even if apache is the norm) and that this won't be necessary on most installs.
However, you can add a feature request on http://sf.net/projects/gallery/ if you wish.
Posts: 8601
since gallery is opensource anyone can find the contents of those files anyway.. if you're customizing your install and wish to protect modified files then you can setup your webserver to block direct access to those files.
Posts: 40
good point mindless