local htaccess (was: Re: [Pmwiki-users] What is the *patch file for?)

Neil Herber nospam
Mon Dec 6 09:28:51 CST 2004

At 2004-12-06  08:52 AM -0700, Patrick R. Michaud is rumored to have said:
>And yes, local/ is reserved for the sites local scripts, but I make an
>exception for this one file.  I think for new site admins it's
>important that PmWiki already have local/.htaccess file in place for
>the initial installation, so the admin doesn't get a nasty hacking
>surprise later on.
>It'll be fixed in the next release.

I think it would also be worth a note on the download and install page. 
Something to the effect that:

The "local/" directory in the default distribution contains an ".htaccess" 
file. To prevent local scripts from being accessed directly (a potential 
security hole) this file must include the following lines:

         Order allow,deny
         Deny from all

If you have altered this file, it will be overwritten when you upgrade from 
one version of PmWiki to another. Be sure to save a copy of your altered 
file in another location before doing an upgrade. After upgrading, you will 
need to reinstall your copy of ".htaccess".

This note could appear as comment inside ".htaccess" as well.


Neil Herber
Corporate info at http://www.eton.ca/
Eton Systems, 15 Pinepoint Drive, Nepean, ON, Canada K2H 6B1
Tel: (613) 829-4668 

More information about the pmwiki-users mailing list