[kronolith] Kronolith missing .htaccess files?

Poyner, Brandon bpoyner at ccac.edu
Thu Feb 19 06:00:51 PST 2004


I've tried for a few days to fill out a bug report on this but the Horde
Bugzilla simply won't email me a password.
 
I was looking through my Horde install and noticed Kronolith did not
have the .htaccess files in the protected directories such as config,
scripts, and locale that you would find in the IMP, Turba, and Horde
modules.  The thing that concerns me is that a backup of
kronolith/config/conf.php left inside of the kronolith/config directory
can be requested from the web server by anybody.  Anybody using RCS to
check in their changes or leaving a .bak file are potentially at risk of
having the contents exposed, including the mysql username, password, and
host.
 
Could this please be looked into and perhaps corrected?  The current CVS
versions apparently don't have .htaccess files either.
 
Thanks,

Brandon Poyner 


 


More information about the kronolith mailing list