Commit ff18c8e1 authored by Dries

Fixed a security flaw:

.inc files can be read from the web including `config.inc' which contains
the account information (login, password) to the MySQL database.  Apache
has now been set up to deny access to all *.inc files from the web.
parent 00526756
......@@ -3,9 +3,17 @@
#
# Archive feature:
#<Files archive>
# ForceType application/x-httpd-php
#</Files>
<Files archive>
ForceType application/x-httpd-php
</Files>
# Protect .inc files:
# .inc files can be read from the web so make sure we keep it
# away from the casual prying eyes. Especially `config.inc'.
<Files *.inc>
order deny, allow
deny from all
</Files>
# Customized server error messages:
ErrorDocument 400 /error.php
......
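Review bot: The `order deny, allow` line inside `<Files *.inc>` has a space after the comma, and Apache's Order directive takes a single argument with no whitespace between the keywords, so this is rejected as a syntax error instead of applying the intended policy; write it as `order deny,allow` and confirm after deploying that a request for `config.inc` returns 403. The rendered hunk also shows the `<Files archive>` block both commented out and active; if enabling it is part of this change, it is unrelated to the .inc fix and should be mentioned in the commit message or split into its own commit. Since the message says `config.inc` was readable from the web, the MySQL password stored in it should be treated as exposed and changed.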