[Vtigercrm-commits] [vtiger development] #2107: Huge security hole

[vtiger development]

#2107: Huge security hole
------------------------+---------------------------------------------------
  Reporter:  pieper     |       Owner:  mangai  
      Type:  defect     |      Status:  reopened
  Priority:  major      |   Milestone:          
 Component:  vtigercrm  |     Version:  5.0.4   
Resolution:             |    Keywords:          
------------------------+---------------------------------------------------
Changes (by prasad):

  * priority:  blocker => major
  * status:  closed => reopened
  * version:  5.0.3-dev => 5.0.4
  * resolution:  fixed =>
  * milestone:  5.0.4 =>

Comment:

 Hi Minnie,

 .htaccess file was included in root folder of vtigercrm.

 I had not set AllowOverride All for this folder as I did have permissions
 to edit httpd.conf due to this I could not install vtiger!

 Getting error:
 /var/www/vtiger/.htaccess: Option Indexes not allowed here

 Wanted to check if you can copy .htaccess files to folders where you did
 not want to
 have files listed?
 Since index.php is in root folder, other files and folder will not be
 listed.

 But .htaccess should be added in folders like include, soap, test, upload,
 etc...

 Let me know if need any more information.

 Regards,
 Prasad

-- 
Ticket URL: <http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2107#comment:10>
vtiger development <http://trac.vtiger.com/>
vtigerCRM