[Vtigercrm-developers] Feature request : no write access to files and folders
Uma S
uma.s at vtiger.com
Thu Jan 29 05:43:14 GMT 2015
Hi,
Thanks! for the notification regarding the feature request.
We have created a trac
<http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/8436#ticket> for same.
Please update your observation here in trac which will help in feature on
going ahead.
On Thu, Jan 29, 2015 at 7:06 AM, Hamono, Chris (DPC) <Chris.Hamono at sa.gov.au
> wrote:
>
> I would like to make a request to see that the folder structure for vtiger
> is cleaned up
>
> Information now stored in files should only be stored in the database only
> For example user profiles, group profiles, tabdata all should be stored in
> the DB.
>
> The ultimate aim is to restrict write access on folders down to absolute
> minimum I.E.
>
> Cached folder for transient data, which is to say all content can be
> deleted with no adverse side effects.
> User content folders for install specific files such as logo’s product
> images etc..
>
> All other folders should be write protected. In our scenario Module
> folders would also be write protected as all modules are installed and
> tested in dev only
>
> Having site wide write access is a security issue. Folders with write
> access should be protected against scripts being run. Using apaches
> .htaccess file php and other scripts can be blocked.
>
> Chris
>
>
>
> _______________________________________________
> http://www.vtiger.com/
>
--
With
Best Regards
Uma.S
Vtiger Team
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.vtigercrm.com/pipermail/vtigercrm-developers/attachments/20150129/83ea3783/attachment.html>
More information about the vtigercrm-developers
mailing list