[dokuwiki] Re: Index including doku.php
- From: "Oliver Schulze L." <oliver@xxxxxxxxxxxxx>
- To: dokuwiki@xxxxxxxxxxxxx
- Date: Thu, 14 Sep 2006 10:50:29 -0400
Chris Smith wrote:
I think you have missed the point.
If another dokuwiki exploit is found and published. Any script kiddie can google on doku.php to get a list of candidate sites to disrupt. If your wiki doesn't use doku.php, due to .htaccess redirection or because you have renamed it to index.php the script kiddie may not find your site. Just don't list it on splitbrain ;)
In the case doku.php can have a security breach, I strongly recommend using safe_mode and open_basedir as documented in the wiki:security.
-- Oliver Schulze L. Get my e-mail after a captcha test in: http://tinymailto.com/oliver
-- DokuWiki mailing list - more info at http://wiki.splitbrain.org/wiki:mailinglist