local htaccess (was: Re: [Pmwiki-users] What is the *patch file for?)
Neil Herber
nospam
Mon Dec 6 09:28:51 CST 2004
At 2004-12-06 08:52 AM -0700, Patrick R. Michaud is rumored to have said:
>And yes, local/ is reserved for the sites local scripts, but I make an
>exception for this one file. I think for new site admins it's
>important that PmWiki already have local/.htaccess file in place for
>the initial installation, so the admin doesn't get a nasty hacking
>surprise later on.
>
>It'll be fixed in the next release.
I think it would also be worth a note on the download and install page.
Something to the effect that:
====
The "local/" directory in the default distribution contains an ".htaccess"
file. To prevent local scripts from being accessed directly (a potential
security hole) this file must include the following lines:
Order allow,deny
Deny from all
If you have altered this file, it will be overwritten when you upgrade from
one version of PmWiki to another. Be sure to save a copy of your altered
file in another location before doing an upgrade. After upgrading, you will
need to reinstall your copy of ".htaccess".
====
This note could appear as comment inside ".htaccess" as well.
Neil
Neil Herber
Corporate info at http://www.eton.ca/
Eton Systems, 15 Pinepoint Drive, Nepean, ON, Canada K2H 6B1
Tel: (613) 829-4668
More information about the pmwiki-users
mailing list