Security issue
Submitted by michel on Fri, 03/28/2008 - 18:46.
Hello
I'm using the 0.8.0.2 version and I noticed that the folder projectpier/public/files/ is unprotected.
It contains thumbnails of image files such as avatars of your clients, which is not good for confidentiality.
It may need an .htaccess file.
Regards,
Michel.
Well spotted, yes putting a .htaccess in the uploads and public/files folders would be a great idea.
An index.html file wouldn't go amiss either I suppose
Thanks for reporting this :)
Please also note that the files directory should be read/writable by the webserver but not by the public. Since the files go through the webserver instead of being downloaded directly, this shouldn't be directly accessible by the public.
.htaccess wouldn't work on all web servers.