Burton Rosenberg wrote:
Unfortunately, not all webservers recognise .htaccess files (e.g. IIS), so its a flawed solution. The ideal solution is to adjust your Dokuwiki install so only the executable scripts are below the document root, unfortunately for many hosting services this either isn't feasible or straightforward. However, if your ftp area starts below your webroot, it is possible. The instructions for doing so can be found at http://wiki.splitbrain.org/wiki:security.The response to this was swift. But I think maybe more needs be done.
.htaccess is used in many directories (inc/lang, for instance), but not all.
first lines ...
// must be run within dokuwiki if (!defined('DOKU_INC')) die();
-- DokuWiki mailing list - more info at http://wiki.splitbrain.org/wiki:mailinglist