httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <jsl...@gmail.com>
Subject Re: [users@httpd] index/directories leave me vulnerable
Date Fri, 14 Oct 2005 00:15:06 GMT
On 10/13/05, paul johnson <p_jay@hotmail.co.uk> wrote:
> i have set up a simple guestbook php script. the index.php contains the
> admin password and this file is quite freely available if someone just went
> to the guestbook/  directory and downloaded  the file..
>
> is it possible to make it so people cant view directories/index's on my
> site. ive spent a good while looking for information relating to this but i
> cant find any.

See:
http://httpd.apache.org/docs/1.3/misc/FAQ.html#indexes

But I think you have a deeper problem.  Why is guestbook.php
downloadable?  It should be processed by php so that the source code
should not be available for download.  Check you php config.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message