mahara-contributors team mailing list archive

Thread
Date

[Bug 571709] Re: Mahara core files are exposed

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: François Marier <francois@xxxxxxxxxx>
Date: Fri, 16 Jul 2010 04:54:39 -0000
Reply-to: Bug 571709 <571709@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

<richardm> fmarier: I'm getting /var/www/mahara5/.htaccess: Option
Indexes not allowed here

** Changed in: mahara
       Status: Fix Committed => Triaged

** Changed in: mahara
       Status: Triaged => In Progress

-- 
Mahara core files are exposed
https://bugs.launchpad.net/bugs/571709
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.

Status in Mahara ePortfolio: In Progress

Bug description:
Mahara files are available in google, i.e. http://www.google.com/search?hl=en&client=opera&hs=Ebo&rls=en&q=%22Index+of%22+%2B%22%2Flib%2Fdwoo%2Fmahara%22

This does not seem to be a security risk as is, but it might be, because people might put stuff in accessible files that don't belong there, and all in all I think you should protect your users against stupid mistakes.