[Wheatblog-users] Securing Wheatblog 1.x
From: James M. <wh...@wh...> - 2006-08-16 17:14:14
All,

We've had some attempts to remotely load certain sensitive files in the Wheatblog (wB) application. See the following news item for details on how you can secure your install until we release a new version with increased security:

http://sourceforge.net/forum/forum.php?forum_id=602189

I'll paste the text in here, for your convenience:

> Those of you running Wheatblog (wB) 1.0 or 1.1 on Apache servers should
> consider using .htaccess files to add additional security to your wB install
> until we can release a new version of the application which addresses recent
> security concerns.
>
> In the "admin", "includes", and "classes" directories, create a text file
> called ".htaccess" (or edit the existing one, if there is one) and add the
> following directive:
>
> <Files ~ ".php$">
> Order allow,deny
> Deny from all
> </Files>
>
> Additionally, you should add these lines to whatever directory contains
> your "settings.php" file:
>
> <Files "settings.php">
> Order allow,deny
> Deny from all
> </Files>
>
> The wB development team is working on a new release with enhanced security
> features which will be released as soon as possible. Until then, these steps
> will prevent sensitive files from being loaded remotely.
>
> More information on .htaccess can be found here:
>
> http://en.wikipedia.org/wiki/Htaccess

Sincerely,
James Martin
Wheatblog project admin
--
wheatdesign.com
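A static check for the two steps in the message above, as an added example that is not part of the original post or the Wheatblog project. It assumes `settings.php` sits in the install root unless `settings_dir` says otherwise, uses `index.php` as a hypothetical probe name, and approximates Apache's pattern matching with Python's `re`; the sample tree is constructed.

```python
import os
import re
import tempfile

# Directories named in the advisory that must refuse direct .php requests.
PROTECTED_DIRS = ("admin", "includes", "classes")
# One <Files ...> ... </Files> block: optional "~" (regex mode), argument, body.
FILES_BLOCK = re.compile(r'<Files\s+(~\s*)?"([^"]+)"\s*>(.*?)</Files>', re.S | re.I)
# The advisory's two directives, used to build the constructed sample tree.
ADVISORY_PHP = '<Files ~ ".php$">\nOrder allow,deny\nDeny from all\n</Files>\n'
ADVISORY_SETTINGS = '<Files "settings.php">\nOrder allow,deny\nDeny from all\n</Files>\n'

def denies(htaccess_text, filename):
    """True if a <Files> block covering `filename` has an active 'Deny from all'."""
    for tilde, pattern, body in FILES_BLOCK.findall(htaccess_text):
        covers = re.search(pattern, filename) if tilde else pattern == filename
        if covers and re.search(r"^\s*Deny\s+from\s+all\s*$", body, re.I | re.M):
            return True
    return False

def audit(root, settings_dir="."):
    """Return findings for a wB install; an empty list means both steps are present."""
    findings = []
    checks = [(d, "index.php") for d in PROTECTED_DIRS] + [(settings_dir, "settings.php")]
    for rel_dir, probe in checks:
        path = os.path.join(root, rel_dir, ".htaccess")
        try:
            with open(path, encoding="utf-8", errors="replace") as fh:
                text = fh.read()
        except OSError:
            findings.append(f"{rel_dir}: no .htaccess")
            continue
        if not denies(text, probe):
            findings.append(f"{rel_dir}: .htaccess does not deny {probe}")
    return findings

def build_sample(root, skip=()):
    """Constructed sample install: writes the advisory's directives except in `skip`."""
    for d in PROTECTED_DIRS:
        os.makedirs(os.path.join(root, d), exist_ok=True)
        if d not in skip:
            with open(os.path.join(root, d, ".htaccess"), "w") as fh:
                fh.write(ADVISORY_PHP)
    if "." not in skip:
        with open(os.path.join(root, ".htaccess"), "w") as fh:
            fh.write(ADVISORY_SETTINGS)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root, skip=("includes",))
        print(audit(root))
```

The check only reads the files: `Order` and `Deny` in `.htaccess` take effect only when the server's `AllowOverride` setting permits them, so confirm the result with a request that returns 403.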