Tracker: Support Requests
9
Add an htaccess file to protect setings.ini file - ID: 2204429
Last Update: Settings changed ( miniwark )
Actualy /inc/settings.ini file is not protected from be viewed directly in
a webrowser.
For example http://mysite.com/helpdesk.inc/setings.ini expose directly
sensible datas like databases connection string.
this is realy bad and dangerous.
For Apache, to protect this file, add an .htaccess file with this
directives :
<files settings.ini>
Order allow,deny
Deny from all
</files>
Nobody/Anonymous
Interface/HTML
1.x
Public
Comments
No follow-up comments have been posted.
Attached File ( 1 )
| Filename | Description | Download |
|---|---|---|
| htaccess | htaccess file | Download |
Changes ( 2 )
| Field | Old Value | Date | By |
|---|---|---|---|
| priority | 5 | 2008-10-28 15:24 | miniwark |
| File Added | 299286: htaccess | 2008-10-28 15:21 | miniwark |
