Not clearing old photos ever, and an index is available (not even obscurity) #14
Assignees
Labels
bug
Something isn't working
Comments
|
Hi!
Thanks for your report. I could reproduce the problem. Directory Listings
are blocked in root level, but as soon as you have the first hash (one
directory level down) they are available, again.
This should of course not be possible. I'll provide a bug fix as soon as
possible.
Am 7. Januar 2020 20:05:40 schrieb marc-git <notifications@github.com>:
… Hi, thanks for your server set up. I noticed with the attachments that the
storage location has an index.html file in the root directory (per user?),
so actually once you get into the server you get into everything that was
ever sent.
Are you doing this at all?
https://github.com/ThomasLeister/prosody-filer#automatic-purge
Maybe -max-depth 0 isn't what you wanted?
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or unsubscribe.
|
|
Also thanks for pointing out the mistake in the "find" command (to clean up uploads). I updated the README.md in 3bc8446 |
|
No worries. Thanks for running my xmpp account ;) A good lesson that config security is just as important as code security. I only looked in to it when I realised that image attachments are not encrypted. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi, thanks for your server set up. I noticed with the attachments that the storage location has an index.html file in the root directory (per user?), so actually once you get into the server you get into everything that was ever sent.
Are you doing this at all?
https://github.com/ThomasLeister/prosody-filer#automatic-purge
Maybe -max-depth 0 isn't what you wanted?
The text was updated successfully, but these errors were encountered: