[Mahara-contributors] [Bug 571709] Re: Mahara core files are exposed
** Changed in: mahara Status: Fix Committed = Fix Released -- Mahara core files are exposed https://bugs.launchpad.net/bugs/571709 You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Status in Mahara ePortfolio: Fix Released Bug description: Mahara files are available in google, i.e. http://www.google.com/search?hl=enclient=operahs=Eborls=enq=%22Index+of%22+%2B%22%2Flib%2Fdwoo%2Fmahara%22 This does not seem to be a security risk as is, but it might be, because people might put stuff in accessible files that don't belong there, and all in all I think you should protect your users against stupid mistakes. ___ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
[Mahara-contributors] [Bug 571709] Re: Mahara core files are exposed
** Changed in: mahara Assignee: (unassigned) = François Marier (fmarier) -- Mahara core files are exposed https://bugs.launchpad.net/bugs/571709 You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Status in Mahara ePortfolio: Triaged Bug description: Mahara files are available in google, i.e. http://www.google.com/search?hl=enclient=operahs=Eborls=enq=%22Index+of%22+%2B%22%2Flib%2Fdwoo%2Fmahara%22 This does not seem to be a security risk as is, but it might be, because people might put stuff in accessible files that don't belong there, and all in all I think you should protect your users against stupid mistakes. ___ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
[Mahara-contributors] [Bug 571709] Re: Mahara core files are exposed
Let's just add a .htaccess file to the lib directory to prohibit directory listing. Ultimately though, users are responsible for setting up their web servers. The .htaccess is only going to help Apache users. ** Changed in: mahara Milestone: None = 1.3.0 ** Changed in: mahara Importance: Undecided = Medium ** Changed in: mahara Status: New = Triaged ** Visibility changed to: Public ** This bug is no longer flagged as a security vulnerability -- Mahara core files are exposed https://bugs.launchpad.net/bugs/571709 You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Status in Mahara ePortfolio: Triaged Bug description: Mahara files are available in google, i.e. http://www.google.com/search?hl=enclient=operahs=Eborls=enq=%22Index+of%22+%2B%22%2Flib%2Fdwoo%2Fmahara%22 This does not seem to be a security risk as is, but it might be, because people might put stuff in accessible files that don't belong there, and all in all I think you should protect your users against stupid mistakes. ___ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp