You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi, thanks for your server set up. I noticed with the attachments that the storage location has an index.html file in the root directory (per user?), so actually once you get into the server you get into everything that was ever sent.
Are you doing this at all? https://github.com/ThomasLeister/prosody-filer#automatic-purge
Maybe -max-depth 0 isn't what you wanted?
The text was updated successfully, but these errors were encountered:
Hi!
Thanks for your report. I could reproduce the problem. Directory Listings
are blocked in root level, but as soon as you have the first hash (one
directory level down) they are available, again.
This should of course not be possible. I'll provide a bug fix as soon as
possible.
Am 7. Januar 2020 20:05:40 schrieb marc-git <notifications@github.com>:
Hi, thanks for your server set up. I noticed with the attachments that the
storage location has an index.html file in the root directory (per user?),
so actually once you get into the server you get into everything that was
ever sent.
Are you doing this at all?
https://github.com/ThomasLeister/prosody-filer#automatic-purge
Maybe -max-depth 0 isn't what you wanted?
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or unsubscribe.
A good lesson that config security is just as important as code security. I only looked in to it when I realised that image attachments are not encrypted.
Hi, thanks for your server set up. I noticed with the attachments that the storage location has an index.html file in the root directory (per user?), so actually once you get into the server you get into everything that was ever sent.
Are you doing this at all?
https://github.com/ThomasLeister/prosody-filer#automatic-purge
Maybe -max-depth 0 isn't what you wanted?
The text was updated successfully, but these errors were encountered: