[dokuwiki] Re: Security without .htaccess

  • From: Andreas Gohr <andi@xxxxxxxxxxxxxx>
  • To: dokuwiki@xxxxxxxxxxxxx
  • Date: Mon, 9 May 2005 21:50:18 +0200

Hi!

> The easiest workaround is to put blank index.html files
> in directories whose content should be "hidden".

Well a blank index.html just avoids directory browsing - one could still
access the files directly
 
> Given the openness of the source code, and wiki content,
> this seems like overkill.

Correct as long as all your content is viewable in the wiki there is no
point of hiding the data files
 
> I think it's sufficient to protect user data by putting
> a blank index.html file in the 'conf' directory.

Again this protects you from directory browsing only.

Maybe we should use the .php extension for all config files? Even if
they aren't PHP sourcefiles? This way their contents could be protected
by a line like this on top:

# <?php exit()?> 

Anyone wants to supply a patch?

Andi

-- 
http://www.splitbrain.org
-- 
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist

Other related posts: