In .htaccess imo you have two options:
This one kills the access to the .svn-base files, which is the very
least you should do:
<FilesMatch \.svn-base>
Deny from All
</FilesMatch>
The other approach with mod_rewrite is to redirect everything to some
other page, using a 404 response code:
RewriteRule /\.svn/ / [L,R=404]
For more advanced apache stuff, you can add this to the config (doesn't
work in htaccess), it essentially does the same as the RewriteRule
above, but just returning a blank 404 afaik.
RedirectMatch 404 /\\.svn(/.*|$)
--
Mahara core files are exposed
https://bugs.launchpad.net/bugs/571709
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Status in Mahara ePortfolio: In Progress
Bug description:
Mahara files are available in google, i.e.
http://www.google.com/search?hl=en&client=opera&hs=Ebo&rls=en&q=%22Index+of%22+%2B%22%2Flib%2Fdwoo%2Fmahara%22
This does not seem to be a security risk as is, but it might be, because people
might put stuff in accessible files that don't belong there, and all in all I
think you should protect your users against stupid mistakes.
_______________________________________________
Mailing list: https://launchpad.net/~mahara-contributors
Post to : mahara-contributors@lists.launchpad.net
Unsubscribe : https://launchpad.net/~mahara-contributors
More help : https://help.launchpad.net/ListHelp
