[pmwiki-users] Images in another group

Patrick R. Michaud pmichaud at pobox.com
Wed Dec 7 15:49:27 CST 2005


On Wed, Dec 07, 2005 at 02:28:31PM -0600, Tegan Dowling wrote:
>    The latter -
> 
>    Having the uploads/ directory automatically receive a .htaccess file
>    containing the
>    Order Deny,Allow
>    Deny from all,
>    along with having $EnableDirectDownload=0; in the local/config.php
> 
>    - is what I was suggesting/requesting, since it (appears to) make things
>    work the way I always thought they already did.

Well, I can certainly have PmWiki go ahead and place a .htaccess file
into uploads/ if one doesn't already exist and $EnableDirectDownload is
zero.  

However, it's a mistake to fool ourselves into believing we fixed
security this way.  Many sites don't use Apache or have Apache configured
such that .htaccess files aren't processed.  In these cases, creating
the .htaccess file still doesn't protect the uploads from direct
access.

What I'm taking away from this excellent discussion is that there's
a growing demand and need for a "site analysis" script and checklist
that can analyze a site's configuration and report on anything that the 
administrator might want to investigate.

Pm
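
One check that a "site analysis" script of the kind described above could make, added here as an example (it is not part of the original message and is not PmWiki code): rather than trusting that uploads/.htaccess exists, it requests a harmless probe file and reports what the web server actually returns. The function names, the probe-file approach and the URL passed in are assumptions, and it presumes $EnableDirectDownload=0 is already set.

```python
import os, re, tempfile, urllib.error, urllib.request

# Apache 2.2 ("Deny from all") and Apache 2.4 ("Require all denied") deny rules.
DENY_RE = re.compile(r"^\s*(Deny\s+from\s+all|Require\s+all\s+denied)\b", re.I | re.M)

def http_status(url):
    """Default fetcher: GET url and return the HTTP status code."""
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def check_uploads(uploads_dir, uploads_url, fetch=http_status):
    """Check whether files in uploads_dir can be fetched directly over HTTP."""
    findings = []
    htaccess = os.path.join(uploads_dir, ".htaccess")
    has_deny = False
    if os.path.isfile(htaccess):
        with open(htaccess) as fh:
            has_deny = bool(DENY_RE.search(fh.read()))
    if not has_deny:
        findings.append("uploads/.htaccess has no deny rule")
    # The file alone proves nothing: request a harmless probe file the way
    # a browser would and see what the web server actually does with it.
    fd, probe = tempfile.mkstemp(prefix="probe-", suffix=".txt", dir=uploads_dir)
    os.write(fd, b"probe\n")
    os.close(fd)
    os.chmod(probe, 0o644)  # mkstemp creates 0600; the server must be able to read it
    try:
        status = fetch(uploads_url.rstrip("/") + "/" + os.path.basename(probe))
    finally:
        os.remove(probe)  # never leave the probe behind
    served = status == 200
    if served and has_deny:
        findings.append("deny rule present but ignored by the web server")
    elif served:
        findings.append("uploads are directly downloadable")
    return {"htaccess_deny": has_deny, "probe_status": status,
            "directly_served": served, "findings": findings}
```

Run it on the server itself, with the uploads path and the public uploads URL of the site being checked, as a user allowed to write to uploads/.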



