
Textpattern CMS support forum


#1 2007-06-07 07:59:18

FireFusion
Member
Registered: 2005-05-10
Posts: 698

Improve security of files and images folder

It’s easy to forget that not all servers deny directory listings by default. It’s not until I click on the files tab and see 50 downloads of a file I haven’t made live that I remember (Lucky it’s never been anything critical, yet).

This could be fixed by just adding “index.html” files to both of these folders. I know quite a few other CMS do this already.

Offline

#2 2007-06-07 08:05:25

ruud
Developer Emeritus
From: a galaxy far far away
Registered: 2006-06-04
Posts: 5,068
Website

Re: Improve security of files and images folder

For the images folder, it doesn’t matter, because you can just try 1.jpg, 2.jpg, etc.
For the files folder, setting the permissions of the directory itself to 733 (703, 730 in some cases) would have the same effect as adding an index.html

Offline

#3 2007-06-07 14:20:33

Mary
Sock Enthusiast
Registered: 2004-06-27
Posts: 6,236

Re: Improve security of files and images folder

Options -Indexes

Denies directory listings.

Offline

#4 2007-06-07 14:34:21

Jeremie
Member
From: Provence, France
Registered: 2004-08-11
Posts: 1,578
Website

Re: Improve security of files and images folder

FireFusion wrote:

This could be fixed by just adding “index.html” files to both of these folders. I know quite a few other CMS do this already.

Besides being easily done by an Apache configuration directive, a unix/fs thingie, or even by hand… making this a default is not a good idea. Because some people don’t want it (maybe even more than people who do want it), and those who use subversion to update their installation will have to manually remove the index.html file by hand after each update.

Offline

#5 2007-06-07 16:15:37

FireFusion
Member
Registered: 2005-05-10
Posts: 698

Re: Improve security of files and images folder

Thanks Mary, I just have to uncomment it.

Everyone is happy that way :-)

Last edited by FireFusion (2007-06-07 16:16:53)

Offline
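
An added example, not part of any post in this thread: a Python check that reports which of the three controls discussed above (an index file, traverse-only directory permissions such as 733, or an active `Options -Indexes` line) applies to a directory. The index file names, the function names and the sample directory are assumptions; only the directory's own `.htaccess` is read, and the `Options` parsing is simplified to the `Indexes` and `All` keywords.

```python
import os
import stat
import tempfile

INDEX_NAMES = ("index.html", "index.htm", "index.php")  # assumed DirectoryIndex names

def htaccess_disables_indexes(path):
    """True if the last relevant Options line in path/.htaccess removes Indexes."""
    disabled = False
    try:
        with open(os.path.join(path, ".htaccess"), encoding="utf-8", errors="replace") as fh:
            for raw in fh:
                tokens = raw.split()
                # Apache treats a line starting with '#' as a comment, so a
                # shipped-but-commented "#Options -Indexes" has no effect.
                if not tokens or tokens[0].startswith("#") or tokens[0].lower() != "options":
                    continue
                for opt in (t.lower() for t in tokens[1:]):
                    if opt == "-indexes":
                        disabled = True
                    elif opt in ("+indexes", "indexes", "all"):
                        disabled = False
    except FileNotFoundError:
        pass
    return disabled

def listing_controls(path):
    """Report which of the three controls from the thread apply to one directory."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    classes = (("group", stat.S_IRGRP, stat.S_IXGRP), ("other", stat.S_IROTH, stat.S_IXOTH))
    return {
        "index_file": any(os.path.isfile(os.path.join(path, n)) for n in INDEX_NAMES),
        "options_minus_indexes": htaccess_disables_indexes(path),
        # x without r (as in 733, 703, 730): files can be fetched by name, not listed
        "traverse_only_for": [c for c, r, x in classes if mode & x and not mode & r],
    }

def demo():
    """Constructed sample: a files/ directory before and after hardening."""
    with tempfile.TemporaryDirectory() as root:
        files = os.path.join(root, "files")
        os.mkdir(files)
        with open(os.path.join(files, ".htaccess"), "w") as fh:
            fh.write("#Options -Indexes\n")  # directive present but commented out
        os.chmod(files, 0o755)
        before = listing_controls(files)
        with open(os.path.join(files, ".htaccess"), "w") as fh:
            fh.write("Options -Indexes\n")
        os.chmod(files, 0o733)
        return before, listing_controls(files)

if __name__ == "__main__":
    print(demo())
```

A directory where all three values come back empty or false is one to check by requesting its URL directly; the server-wide configuration may still deny listings, which this check does not see.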
