setup/lib should be protected same way as libraries
This commit is contained in:
Michal Čihař
@@ -298,11 +298,12 @@ chmod o-rw config.inc.php # remove world read and write permissions
|
|||||||
and your databases, or a login dialog if using
|
and your databases, or a login dialog if using
|
||||||
<abbr title="HyperText Transfer Protocol">HTTP</abbr> or cookie
|
<abbr title="HyperText Transfer Protocol">HTTP</abbr> or cookie
|
||||||
authentication mode.</li>
|
authentication mode.</li>
|
||||||
<li>You should deny access to the <tt>./libraries</tt> subfolder in your
|
<li>You should deny access to the <tt>./libraries</tt> and
|
||||||
webserver configuration. For Apache you can use supplied .htaccess file
|
<tt>./setup/lib</tt> subfolders in your webserver configuration. For
|
||||||
in that folder, for other webservers, you should configure this yourself.
|
Apache you can use supplied .htaccess file in that folder, for other
|
||||||
Such configuration prevents from possible path exposure and cross side
|
webservers, you should configure this yourself. Such configuration
|
||||||
scripting vulnerabilities that might happen to be found in that code.</li>
|
prevents from possible path exposure and cross side scripting
|
||||||
|
vulnerabilities that might happen to be found in that code.</li>
|
||||||
<li>
|
<li>
|
||||||
It is generally good idea to protect public phpMyAdmin installation
|
It is generally good idea to protect public phpMyAdmin installation
|
||||||
against access by robots as they usually can not do anything good
|
against access by robots as they usually can not do anything good
|
||||||
|
|||||||
3
setup/lib/.htaccess
Normal file
3
setup/lib/.htaccess
Normal file
@@ -0,0 +1,3 @@
|
|||||||
|
# This folder does not require access over HTTP
|
||||||
|
# (the following directive denies access by default)
|
||||||
|
Order allow,deny
|
||||||
Reference in New Issue
Block a user