[Pkg-roundcube-maintainers] Bug#500202: cron job removes file shipped in package
Michal Čihař
nijel at debian.org
Fri Sep 26 07:28:46 UTC 2008
Hi
Dne Fri, 26 Sep 2008 09:04:54 +0200
Vincent Bernat <bernat at debian.org> napsal(a):
> The lighttpd config file contains:
> $HTTP["url"] =~ "^/roundcube/config|/roundcube/temp|/roundcube/logs" {
> url.access-deny = ( "" )
> }
>
> Therefore, the directory should not be accessible. Maybe the file is not
> clear enough about what to modify when changing roundcube location.
I know that both apache and lighttpd files contain rules to limit
access, thats why I did not consider it as a security issue :-).
> In fact, .htaccess should not be shipped with roundcube.
That's also a solution...
--
Michal Čihař | http://cihar.com | http://blog.cihar.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-roundcube-maintainers/attachments/20080926/b49234e8/attachment.pgp
More information about the Pkg-roundcube-maintainers
mailing list