[ltb-dev] [LDAP Tool Box - Feature #623] (Assigned) Add htaccess to ensure config/* files can't be read as test plain

noreply at lsc-project.org noreply at lsc-project.org
Fri Sep 27 10:37:02 CEST 2013


Issue #623 has been updated by Clément OUDOT.

Status changed from New to Assigned
Assigned to set to Clément OUDOT
Target version set to self-service-password-?


----------------------------------------
Feature #623: Add htaccess to ensure config/* files can't be read as test plain
http://tools.lsc-project.org/issues/623

Author: Bruno Bonfils
Status: Assigned
Priority: Normal
Assigned to: Clément OUDOT
Category: Self Service Password
Target version: self-service-password-?


I made a mistake when configure selfservice using php5-fpm. I enabled selfservice in https, therefore http doesn't handle PHP files,  so it was possible to read config/config.inc.php

Could be a good idea to add a .htaccess to ensure config files can't be read from a browser


-- 
You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: http://tools.lsc-project.org/my/account
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ltb-project.org/pipermail/ltb-dev/attachments/20130927/4d78a509/attachment.htm>


More information about the ltb-dev mailing list