[TYPO3-dev] Info disclosure from extension folders
martin.kutschker-n0spam at no5pam-blackbox.net
Thu Oct 26 11:35:09 CEST 2006
Christopher Torgalson schrieb:
>> IMHO this should be addresses in TYPO3 5.0, but in the meantime you can
>> hide only specific files (eg "typo3conf/localconf.php" or generic file
>> names like "ChangeLog"), but I think it's a lot of trouble to protect all
>> those files and directories with Apache directives.
> Really? Drupal's .htaccess file ships with this entry:
> Order deny,allow
> Deny from all
> ...and it works--files can be accessed by local scripts but not, as
> far as I can see, in any other way. Did I misunderstand what you
I think this is horrible. Why should I waste Apaches resource which has
to make this check for every file access when I can have it for free
with an intelligent directory layout.
Soryy, but I'm not interested in this.
More information about the TYPO3-dev