Anonymous | Login | Signup for a new account | 2024-03-28 16:04 CDT |
Main | My View | View Issues | Change Log | Roadmap | Docs | Wiki | Repositories |
Dependency Graph | [ View Issue ] [ Relation Graph ] [ Vertical ] | |||
|
||||
|
Viewing Issue Simple Details | |||||
ID | Category | Type | Reproducibility | Date Submitted | Last Update |
0000947 | [In-Portal CMS] Security | bug report | always | 2010-12-13 10:09 | 2011-09-19 16:08 |
Reporter | Dmitry | View Status | public | ||
Assigned To | alex | ||||
Priority | normal | Resolution | fixed | ||
Status | closed | ||||
Summary | 0000947: Create new folder with restricted access from Web | ||||
Description |
Currently most of the logs and debug info can be accesses via Web which is high security risk. To address this we need to create a new folder under "/system" with restricted access from Web. Folder name will be ".restricted", it will have 777 permissions and will be used for: 1. ALL type of logs (gateways, shipping, PHP, Web requests) 2. Debug files NOTES: 1. all of above Logs should be checked and updated to use this NEW folder. 2. add .htaccess which will deny any access to that folder. |
||||
Additional Information | New setting in config.php RestrictedPath = "/system/.restricted" |
Main | My View | View Issues | Change Log | Roadmap | Docs | Wiki | Repositories |
Web Development by Intechnic In-Portal Open Source CMS |