Let's just add a .htaccess file to the lib directory to prohibit
directory listing.

Ultimately though, users are responsible for setting up their web
servers. The .htaccess is only going to help Apache users.

** Changed in: mahara
    Milestone: None => 1.3.0

** Changed in: mahara
   Importance: Undecided => Medium

** Changed in: mahara
       Status: New => Triaged

** Visibility changed to: Public

** This bug is no longer flagged as a security vulnerability

-- 
Mahara core files are exposed
https://bugs.launchpad.net/bugs/571709
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.

Status in Mahara ePortfolio: Triaged

Bug description:
Mahara files are available in google, i.e. 
http://www.google.com/search?hl=en&client=opera&hs=Ebo&rls=en&q=%22Index+of%22+%2B%22%2Flib%2Fdwoo%2Fmahara%22

This does not seem to be a security risk as is, but it might be, because people 
might put stuff in accessible files that don't belong there, and all in all I 
think you should protect your users against stupid mistakes.



_______________________________________________
Mailing list: https://launchpad.net/~mahara-contributors
Post to     : mahara-contributors@lists.launchpad.net
Unsubscribe : https://launchpad.net/~mahara-contributors
More help   : https://help.launchpad.net/ListHelp

Reply via email to