This repository has been archived by the owner on Nov 25, 2020. It is now read-only.
Although it is recommended to create additional repositories outside of the web root,
many users create them inside of the data folder but lack knowledge about editing the .htaccess rules.
Thus, even repositories intended for private use are actually public.
I suggest setting access rules for the data folder in general to:
<../data/.htaccess>
Order Deny,Allow
Deny from all
And allowing access for public repositories:
<../data/publicfolder/.htaccess>
Order Deny,Allow
Allow from all
<Files ".ajxp_*">
Deny from all
</Files>
The public access rule creation can be implemented as a feature that is set during repository creation, so even users without knowledge about .htaccess files get to create public repositories,
while enjoying security for private ones.
You can start implementing this configuration right away;
the only variable I can see is public folders newly created by the user,
which need a .htaccess file created on the fly or, provisionally, a message box for the admin.
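The layout proposed above can be checked on an existing installation with a short audit, shown here as an added example that is not part of the original issue or of the project's code. It assumes Apache 2.2-style `Order`/`Allow`/`Deny` rules as quoted in the issue, that `AllowOverride` lets `.htaccess` files take effect, and that the nearest `.htaccess` carrying an allow-all or deny-all rule decides; the function names and the sample tree are constructed for illustration.

```python
import re
from pathlib import Path

FILES_BLOCK = re.compile(r"<Files\b.*?</Files>", re.S | re.I)
DENY = "Order Deny,Allow\nDeny from all\n"            # rule proposed for data/
ALLOW = "Order Deny,Allow\nAllow from all\n"          # rule proposed for public folders
AJXP = '<Files ".ajxp_*">\nDeny from all\n</Files>\n'

def top_level_rule(htaccess):
    """'allow', 'deny' or None, read from the rules outside <Files> blocks."""
    text = FILES_BLOCK.sub("", htaccess.read_text())
    # Under "Order Deny,Allow" a matching Allow overrides a matching Deny.
    for verdict in ("allow", "deny"):
        if re.search(rf"^\s*{verdict}\s+from\s+all\s*$", text, re.M | re.I):
            return verdict
    return None

def protects_ajxp(htaccess):
    """True if a <Files ".ajxp_*"> block denies access to the metadata files."""
    return any(".ajxp_*" in b and re.search(r"deny\s+from\s+all", b, re.I)
               for b in FILES_BLOCK.findall(htaccess.read_text()))

def audit(data_root):
    """Map every folder under data_root to its effective state."""
    data_root = Path(data_root)
    report = {}
    for folder in [data_root, *sorted(p for p in data_root.rglob("*") if p.is_dir())]:
        state = "EXPOSED: no rule applies"
        for d in [folder, *folder.parents]:  # nearest rule wins (simplified model)
            ht = d / ".htaccess"
            rule = top_level_rule(ht) if ht.is_file() else None
            if rule == "deny":
                state = "private"
            elif rule == "allow":
                state = "public" if protects_ajxp(ht) else "public, .ajxp_* readable"
            if rule or d == data_root:       # never look above the data folder
                break
        report[folder.relative_to(data_root).as_posix()] = state
    return report

def build_sample(root):
    """Constructed sample tree: one private, one public, one misconfigured folder."""
    data = Path(root) / "data"
    for name in ("private", "publicfolder", "leaky"):
        (data / name).mkdir(parents=True)
    (data / ".htaccess").write_text(DENY)
    (data / "publicfolder" / ".htaccess").write_text(ALLOW + AJXP)
    (data / "leaky" / ".htaccess").write_text(ALLOW)
    return data
```

Calling `audit()` on the real data folder lists every repository folder with its state; any entry other than `private` or an intended `public` needs a corrected `.htaccess`.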