Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

/js exposed with autoindex on, issue? #95

Closed
SadBaxter opened this issue Oct 3, 2019 · 2 comments
Closed

/js exposed with autoindex on, issue? #95

SadBaxter opened this issue Oct 3, 2019 · 2 comments

Comments

@SadBaxter
Copy link

Just noticed that the /js directory can be reached if autoindex is enabled on apache. Obviously that can just be turned off in apache but every other directory has either an empty index.html or code in the index.php to prevent them from being targeted directly. Was /js meant to be left like this?
@ajdonnison
Copy link
Contributor

There is no real reason why it was left like this, although unlike .php files, .js files are always readable anyway, so having them listed isn't much of a security issue. Opening up the debug screen available on any browser these days will show what JS files are loaded, and pointing your browser directly to the file will always show its contents. I guess for consistency we should probably include an empty index.html, but in terms of security (even security by obscurity) it is not really an issue.

@SadBaxter
Copy link
Author

Okay that's all good then, thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ajdonnison @SadBaxter