urgent...security issues!

Author Message

kevin wei

Tuesday 11 January 2005 10:34:26 pm

i in stall ez on a non-virtual host, and i cannot put .htaccess under my root folder, which will cause i cannot access the whole site, so i change all file's name under settings to xxx.ini.php.
to my surprise, i can see all contents by http://xxx.com/settings/xxx.ini.php

how can i protect these file from accessing by http protocol?

thanks!

Gabriel Ambuehl

Tuesday 11 January 2005 11:59:22 pm

Sounds like a misconfiguration of the webserver. You should talk to your webhoster.

Visit http://triligon.org

kevin wei

Wednesday 12 January 2005 12:24:55 am

yes,
but i cannot ask him changed for me, do there have any other way can make it securty.
i found i can not access xxx.ini.append file, so can i rename all ini files under settings to ini.append or delete theme all, only left files under override and siteaccess.

thx

Björn Dieding@xrow.de

Wednesday 12 January 2005 1:51:17 pm

if

http://xxx.com/settings/xxx.ini.php files are readable and you cannot place a .htaccess there is no hope for you :-)... Still liek said before talk to your host

another idea could be to place a .htaccess in setttings/

also remove the runcronjobs.php

Looking for a new job? http://www.xrow.com/xrow-GmbH/Jobs
Looking for hosting? http://hostingezpublish.com
-----------------------------------------------------------------------------
GMT +01:00 Hannover, Germany
Web: http://www.xrow.com/

Powered by eZ Publish™ CMS Open Source Web Content Management. Copyright © 1999-2014 eZ Systems AS (except where otherwise noted). All rights reserved.