Just noticed that the /js directory can be reached if autoindex is enabled on Apache. Obviously that can just be turned off in Apache, but every other directory has either an empty index.html or code in the index.php to prevent them from being targeted directly. Was /js meant to be left like this?
There is no real reason why it was left like this, although unlike .php files, .js files are always readable anyway, so having them listed isn't much of a security issue. Opening up the debug screen available on any browser these days will show what JS files are loaded, and pointing your browser directly to the file will always show its contents. I guess for consistency we should probably include an empty index.html, but in terms of security (even security by obscurity) it is not really an issue.
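One way to check a webroot for the inconsistency discussed in this thread, as an added example that is not part of the original issue or the project's own code: it lists every directory that contains neither an index.html nor an index.php. The sample tree and its directory names are constructed, and the index file names are assumed to match the server's DirectoryIndex setting.

```python
import os
import tempfile

# Index files the server would serve instead of an autoindex listing.
# Assumption: these match the DirectoryIndex configured for the site.
INDEX_NAMES = ("index.html", "index.php")


def dirs_without_index(webroot, index_names=INDEX_NAMES):
    """Return sorted relative paths of directories under webroot with no index file."""
    missing = []
    for current, subdirs, files in os.walk(webroot):
        # Skip hidden directories such as .git; pruning in place stops os.walk descending.
        subdirs[:] = sorted(d for d in subdirs if not d.startswith("."))
        present = set(files)  # exact match: file names are case-sensitive on most servers
        if not any(name in present for name in index_names):
            missing.append(os.path.relpath(current, webroot).replace(os.sep, "/"))
    return sorted(missing)


def build_sample_tree(root):
    """Constructed sample layout: every directory has an index file except js/."""
    layout = {
        ".": ["index.php"],
        "includes": ["index.html", "db.php"],
        "images": ["index.html", "logo.png"],
        "js": ["app.js", "util.js"],
    }
    for rel, names in layout.items():
        os.makedirs(os.path.join(root, rel), exist_ok=True)
        for name in names:
            open(os.path.join(root, rel, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for path in dirs_without_index(root):
            print("no index file:", path)
```
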