local htaccess (was: Re: [Pmwiki-users] What is the *patch file for?)
Mon Dec 6 09:28:51 CST 2004
At 2004-12-06 08:52 AM -0700, Patrick R. Michaud is rumored to have said:
>And yes, local/ is reserved for the sites local scripts, but I make an
>exception for this one file. I think for new site admins it's
>important that PmWiki already have local/.htaccess file in place for
>the initial installation, so the admin doesn't get a nasty hacking
>surprise later on.
>It'll be fixed in the next release.
I think it would also be worth a note on the download and install page.
Something to the effect that:
The "local/" directory in the default distribution contains an ".htaccess"
file. To prevent local scripts from being accessed directly (a potential
security hole) this file must include the following lines:
Deny from all
If you have altered this file, it will be overwritten when you upgrade from
one version of PmWiki to another. Be sure to save a copy of your altered
file in another location before doing an upgrade. After upgrading, you will
need to reinstall your copy of ".htaccess".
This note could appear as comment inside ".htaccess" as well.
Corporate info at http://www.eton.ca/
Eton Systems, 15 Pinepoint Drive, Nepean, ON, Canada K2H 6B1
Tel: (613) 829-4668
More information about the pmwiki-users