WebApp Sec mailing list archives
Re: security of _notes dirs
From: Peter Conrad <conrad () tivano de>
Date: Thu, 15 Sep 2005 11:21:15 +0200
Hi, Am Donnerstag, 15. September 2005 10:57 schrieb Greg:
And one last thing : this is not a security flaw in Macromedia Contribute, but a malpractice from the webmasters. If they read the doc and learn how to write a 3 lines .htaccess, they wouldn't have this information exposed.
I disagree. Files containing passwords do not belong anywhere below the
document root. .htaccess is just a workaround for what's possibly a
design flaw in Macromedia Contribute.
Bye,
Peter
--
Peter Conrad Tel: +49 6102 / 80 99 072
[ t]ivano Software GmbH Fax: +49 6102 / 80 99 071
Bahnhofstr. 18 http://www.tivano.de/
63263 Neu-Isenburg
Germany
Current thread:
- security of _notes dirs Mailing List (Sep 12)
- <Possible follow-ups>
- RE: security of _notes dirs Griffiths, Ian (Sep 12)
- RE: security of _notes dirs michael acadia (Sep 12)
- RE: security of _notes dirs Mailing List (Sep 14)
- Re: security of _notes dirs Michael Acadia (Sep 14)
- Re: security of _notes dirs Mailing List (Sep 15)
- Re: security of _notes dirs Greg (Sep 15)
- Re: security of _notes dirs Peter Conrad (Sep 15)
- Re: security of _notes dirs Mailing List (Sep 15)
- RE: security of _notes dirs Mailing List (Sep 14)