Every FW site has a directory called Resources usually to be found on root. It is fairly easy to access it by typing in: website/Resources.
Not only this directory, but all other folders created by Actions are reachable.
Why does not Softpress build in a file index.html with this content in Resources and all Action folders in order to prohibit access?
Or is it just me that thinks it is a potential security risk to have folders open?
I wouldn’t say it is a security risk although if you have content in these directories that you want to limit access to (PDFs, music etc) then denying directory access is always a good idea.
One of the features I added to the Image Guardian Action (http://d.pr/RM4T) was to automatically add a similar index file to the current Resources folder for the page so that you can’t easily locate and download content this way.
Personally I would suggest limiting access using an htaccess file as it is usually both quick and easy to do either manually or via your cPanel.
Regards,
Tim.
On 3 May 2013, at 12:38, atelier wrote:
> Why does not Softpress build in a file index.html with this content in Resources and all Action folders in order to prohibit access?
> Or is it just me that thinks it is a potential security risk to have folders open?
Personally… as a matter of course I would advise you to add an index.html file to any directory on your hosting account that does not already have one (index.html, index.htm or index.php), directories like php, css, js etc. etc. I generally create a generic one that I use site wide and copy to any new sites I have that sends the browser to the domain and so loads the default home page. I have always looked at this as why would someone want to see what's there? So it keeps prying eyes out of places they shouldn’t really be.
> Personally I would suggest limiting access using an htaccess file as it is usually both quick and easy to do either manually or via your cPanel. Regards, Tim.
Some hosters do not let you do htaccess unfortunately. But you are right, absolutely the best solution.
Ok, after I told the support agent what I thought of his support ‘in a nice way’ he has finally responded with some interest in the questions I asked him rather than the stupid robotic replies that had no reference to my questions, so…
Yes GoDaddy allow 3rd party scripts for sending contact forms to be used on their hosting accounts.
Yes GoDaddy allow the use of the coding that easiForm uses to send emails.
Yes they definitely support ioncube on their Linux hosting accounts.
So this means that nothing has changed and your easiForms using the CAPTCHA is permitted, just a case now of your support request to find out why the php5.ini file on your server does not activate ioncube.
Regards,
Mike
On May 3, 2013, at 6:13 PM, atelier wrote:
> > Personally I would suggest limiting access using an htaccess file as it is usually both quick and easy to do either manually or via your cPanel. Regards, Tim.
> Some hosters do not let you do htaccess unfortunately. But you are right, absolutely the best solution.
> Not only this directory, but all other folders created by Actions are reachable.
On my servers - and on most industry standard Linux/Unix servers - there is a feature called Index Manager.
The Index Manager allows you to customize the way a directory will be viewed on the web. You can select between a default style, no indexes, or two types of indexing. If you do not wish for people to be able to see the files in your directory, choose “No Indexing”.
So a simple setting will determine whether or not visitors can see the contents of your Directories.
My default is No Indexing. I would encourage others to do the same.
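An added example, not part of the thread or any poster's code: a Python check that walks a local copy of a site before upload and reports the folders that would show a file listing on a server with indexing switched on, meaning those with no index.html, index.htm or index.php and no `Options -Indexes` in an .htaccess at or above them. The function names and the sample folder layout are constructed for illustration, it assumes the host honours Options overrides in .htaccess, and an `Options +Indexes` further down the tree is not modelled.

```python
import os
import re
import tempfile

INDEX_NAMES = {"index.html", "index.htm", "index.php"}  # names given in the thread
NO_INDEXES = re.compile(r"^\s*Options\b.*-Indexes\b", re.I | re.M)

def htaccess_disables_listing(directory):
    """True if this folder's .htaccess has an uncommented Options -Indexes line."""
    try:
        with open(os.path.join(directory, ".htaccess"), errors="replace") as fh:
            return bool(NO_INDEXES.search(fh.read()))
    except OSError:  # no .htaccess here, or it cannot be read
        return False

def listable_dirs(site_root):
    """Relative paths of folders with no index file and no Options -Indexes
    at or above them (assumption: .htaccess overrides are honoured)."""
    site_root = os.path.normpath(site_root)
    protected, exposed = set(), []
    for current, dirs, files in os.walk(site_root):  # top-down: parents first
        dirs.sort()
        covered = (os.path.dirname(current) in protected
                   or htaccess_disables_listing(current))
        if covered:
            protected.add(current)  # subfolders inherit the setting
        elif not INDEX_NAMES & set(files):
            exposed.append(os.path.relpath(current, site_root))
    return exposed

def build_sample(root):
    """Write a constructed sample site; the folder names are illustrative only."""
    layout = {
        "index.html": "<html>home</html>",
        "Resources/photo.jpg": "",
        "css/site.css": "",
        "css/index.html": "",
        "private/.htaccess": "Options -Indexes\n",
        "private/docs/report.pdf": "",
    }
    for rel, body in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for folder in listable_dirs(tmp):
            print("would be listed:", folder)
```

Each folder it reports needs either an index file or a no-indexing setting on the host.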