[Vtigercrm-developers] Feature request : no write access to files and folders
Hamono, Chris (DPC)
Chris.Hamono at sa.gov.au
Thu Jan 29 01:36:11 GMT 2015
I would like to make a request to see that the folder structure for vtiger is cleaned up
Information now stored in files should only be stored in the database only
For example user profiles, group profiles, tabdata all should be stored in the DB.
The ultimate aim is to restrict write access on folders down to absolute minimum I.E.
Cached folder for transient data, which is to say all content can be deleted with no adverse side effects.
User content folders for install specific files such as logo's product images etc..
All other folders should be write protected. In our scenario Module folders would also be write protected as all modules are installed and tested in dev only
Having site wide write access is a security issue. Folders with write access should be protected against scripts being run. Using apaches .htaccess file php and other scripts can be blocked.
Chris
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.vtigercrm.com/pipermail/vtigercrm-developers/attachments/20150129/d6b33d74/attachment-0001.html>
More information about the vtigercrm-developers
mailing list