Hi,
There are more web applications in Debian accessing to /etc. For example
PhpMyAdmin:
~$ ls -l /usr/share/phpldapadmin/config/config.php
config.php - /etc/phpldapadmin/config.php
Thanks for using my package as an example, but this way of referencing
the config is not insecure.
Package: dokuwiki
Version: 0.0.20061106-1
Severity: critical
Dokuwiki 2006-11-06 from the official page [1] contains the
file conf/.htacces:
conf/.htaccess
-
## no access to the conf directory
order allow,deny
deny from all
On Sun, Feb 11, 2007 at 07:56:57PM +0100, Iñaki Baz Castillo wrote:
Dokuwiki 2006-11-06 from the official page [1] contains the
file conf/.htacces:
conf/.htaccess
-
## no access to the conf directory
order allow,deny
deny from
Ah, that would be the link ./usr/share/dokuwiki/conf - /etc/dokuwiki being
shipped in the package, probably as a cheap workaround for a lack of config
include path in the software. :/
There are more web applications in Debian accessing to /etc. For example
PhpMyAdmin:
~$ ls -l
On Sun, Feb 11, 2007 at 09:45:06PM +0100, Iñaki wrote:
Ah, that would be the link ./usr/share/dokuwiki/conf - /etc/dokuwiki being
shipped in the package, probably as a cheap workaround for a lack of config
include path in the software. :/
There are more web applications in Debian accessing
No, it would be better if webapps didn't suck, and could reference /etc
directly.
That is not possible with PHP web apps since PHP needs all the config files in
the public dir of the web server. This is the issue that sucks.
The solution most used if to hide config files with .htaccess and
El Domingo, 11 de Febrero de 2007, Steve Langasek escribió:
That is not possible with PHP web apps since PHP needs all the config
files in the public dir of the web server. This is the issue that sucks.
No, it doesn't. I don't know where you got that idea.
Yes, it's possible to have config
On Sun, Feb 11, 2007 at 10:30:20PM +0100, Iñaki wrote:
No, it would be better if webapps didn't suck, and could reference /etc
directly.
That is not possible with PHP web apps since PHP needs all the config files
in
the public dir of the web server. This is the issue that sucks.
No, it
8 matches
Mail list logo