Hi
I create a folder in Resources Browser and load up a PDF in there. Let's say folder = pdf.
E.g. http://www.abcdef.com.au/userfiles/pdf/BookingSheet.pdf
That folder becomes accessible for anyone to go to!
I can go to
http://www.abcdef.com.au/userfiles/pdf
and view a complete list of PDFs in that folder. I may have PDFs in there not linked to webpages for any number of reasons, yet they are clearly accessible to anyone who knows the URL.
How can we protect these FCK generated folders??
Thanks
Fri, 10/05/2007 - 00:39
Re: Security Issue with folders created by Resources Browser
Could you figure out where the code is that creates this folder?
There are a few options:
chmod-ing the folder could do the trick.
Or adding an empty index.html to each new folder.
I think there's also an Apache setting that can deny dir-listings.
Re: Security Issue with folders created by Resources Browser
A guy I use for some programming worked it eventually by creating an index.html file to be created for each folder created. I shall find out how he did it.
Cheers
Re: NOT Security Issue with folders created by Resources Browser
This is nothing to do with FCKeditor at all. If you manually placed files in such a directory you would have exactly the same issue.
If you are using Apache, just create an .htaccess file containing
Options -Indexes
and that will switch off indexing. This is documented at
http://httpd.apache.org/docs/2.0/mod/mod_autoindex.html
Other webservers may have similar options. The cheap and cheerful way is to make a blank file called index.html
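An added example, not part of the thread: a POSIX shell audit that lists the directories under an upload root which Apache would still auto-index, checking for the two fixes discussed above (a blank index.html, or `Options -Indexes` in an .htaccess). It assumes DirectoryIndex is index.html and that AllowOverride permits Options in .htaccess; the function names and the sample tree are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread). Assumes DirectoryIndex is index.html
# and that AllowOverride lets .htaccess set Options; if it does not, Apache
# ignores the .htaccess line and only the index.html check is meaningful.

# Succeeds if the nearest .htaccess (walking from $1 up to $2) whose Options
# line mentions Indexes switches it off. Simplification: only that line is read.
indexes_off() {
    cur=$1; top=$2
    while :; do
        if [ -f "$cur/.htaccess" ]; then
            line=$(grep -Ei '^[[:space:]]*Options[[:space:]].*Indexes' \
                   "$cur/.htaccess" | tail -n 1 | tr '[:upper:]' '[:lower:]')
            case $line in
                *-indexes*) return 0 ;;   # "Options -Indexes"
                ?*)         return 1 ;;   # "Options Indexes" or "+Indexes"
            esac
        fi
        if [ "$cur" = "$top" ]; then return 1; fi
        cur=$(dirname "$cur")
    done
}

# Print every directory under $1 that has neither index.html nor -Indexes.
audit_listing() {
    top_dir=${1%/}
    find "$top_dir" -type d | sort | while IFS= read -r dir; do
        if [ -f "$dir/index.html" ]; then continue; fi
        if indexes_off "$dir" "$top_dir"; then continue; fi
        printf '%s\n' "$dir"
    done
}

# Constructed sample tree standing in for the site's userfiles/ folder.
demo() {
    t=$(mktemp -d)
    mkdir -p "$t/userfiles/pdf" "$t/userfiles/image/2007" "$t/userfiles/flash"
    : > "$t/userfiles/flash/index.html"                       # blank-file fix
    echo 'Options -Indexes' > "$t/userfiles/image/.htaccess"  # covers children
    audit_listing "$t/userfiles" | sed "s|^$t/||"
    rm -rf "$t"
}

demo
```

Both fixes only suppress the listing; a file in the folder is still served to anyone who requests its exact URL.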
Re: Security Issue with folders created by Resources Browser
I will look into that and get back on the result.
Cheers