Bug#410557: /etc/dokuwiki/.htaccess doesn't exist in Debian package and allow access to acl and users

2007-02-16 Thread Thijs Kinkhorst
Hi,

There are more web applications in Debian accessing /etc. For example PhpMyAdmin:
~$ ls -l /usr/share/phpldapadmin/config/config.php
config.php -> /etc/phpldapadmin/config.php

Thanks for using my package as an example, but this way of referencing the config is not insecure.

2007-02-11 Thread Iñaki Baz Castillo
Package: dokuwiki
Version: 0.0.20061106-1
Severity: critical

Dokuwiki 2006-11-06 from the official page [1] contains the file conf/.htaccess:

conf/.htaccess -
## no access to the conf directory
order allow,deny
deny from all

2007-02-11 Thread Steve Langasek
On Sun, Feb 11, 2007 at 07:56:57PM +0100, Iñaki Baz Castillo wrote: Dokuwiki 2006-11-06 from the official page [1] contains the file conf/.htaccess: conf/.htaccess - ## no access to the conf directory order allow,deny deny from

2007-02-11 Thread Iñaki
Ah, that would be the link ./usr/share/dokuwiki/conf -> /etc/dokuwiki being shipped in the package, probably as a cheap workaround for a lack of config include path in the software. :/ There are more web applications in Debian accessing /etc. For example PhpMyAdmin: ~$ ls -l

2007-02-11 Thread Steve Langasek
On Sun, Feb 11, 2007 at 09:45:06PM +0100, Iñaki wrote: Ah, that would be the link ./usr/share/dokuwiki/conf -> /etc/dokuwiki being shipped in the package, probably as a cheap workaround for a lack of config include path in the software. :/ There are more web applications in Debian accessing

2007-02-11 Thread Iñaki
No, it would be better if webapps didn't suck, and could reference /etc directly. That is not possible with PHP web apps since PHP needs all the config files in the public dir of the web server. This is the issue that sucks. The solution most used is to hide config files with .htaccess and

2007-02-11 Thread Iñaki
On Sunday, 11 February 2007, Steve Langasek wrote: That is not possible with PHP web apps since PHP needs all the config files in the public dir of the web server. This is the issue that sucks. No, it doesn't. I don't know where you got that idea. Yes, it's possible to have config

2007-02-11 Thread Steve Langasek
On Sun, Feb 11, 2007 at 10:30:20PM +0100, Iñaki wrote: No, it would be better if webapps didn't suck, and could reference /etc directly. That is not possible with PHP web apps since PHP needs all the config files in the public dir of the web server. This is the issue that sucks. No, it