Recommend disabling access to libraries folder.

2005-11-23 19:17:25 +00:00
parent 513ead7b25
commit 4e540cb43e
2 changed files with 7 additions and 0 deletions
--- a/1
+++ b/1
@@ -64,6 +64,7 @@ $Source$
      libraries/display_tbl_links.lib.php, test/theme.php: Move javascript
      stuff out of libraries folder.
    * libraries/.htaccess: Deny access to libraries folder over HTTP.
+    * Documentation.html: Recommend disabling access to libraries folder.

 2005-11-22 Sebastian Mendel <cybot_tm@users.sourceforge.net>
    * added test/theme.php: for testing themes
--- a/Documentation.html
+++ b/Documentation.html
@@ -183,6 +183,12 @@
         in your browser. phpMyAdmin should now display a welcome screen
         and your databases, or a login dialog if using HTTP or cookie
         authentication mode.</li>
+    <li> You should deny access to libraries subfolder in your webserver
+         configuration. For Apache you can use supplied .htaccess file in that
+         folder, for other webservers, you should configure this yourself.
+         Such configuration prevents from possible path expossure and cross
+         side scripting vulnerabilities that might happen to be found in that
+         code.</li>
 </ol>
 <a name="linked-tables"></a>
 <h3>Linked-tables infrastructure</h3>