Commit ff18c8e1 authored by Dries's avatar Dries
Browse files

Fixed a security flaw:

.inc files can be read from the web including `' which contains
the account information (login, password) to the MySQL database.  Apache
has now been setup to deny access to all *.inc files from the web.
parent 00526756
......@@ -3,9 +3,17 @@
# Archive feature:
#<Files archive>
# ForceType application/x-httpd-php
<Files archive>
ForceType application/x-httpd-php
# Protect .inc files:
# .inc files can be read from the web so make sure we keep it
# away from the casual prying eyes. Especially `'.
<Files *.inc>
order deny, allow
deny from all
# Customized server error messages:
ErrorDocument 400 /error.php
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment