webappsec@securityfocus.com
[Top] [All Lists]

Re: security of _notes dirs

Subject: Re: security of _notes dirs
From: Peter Conrad
Date: Thu, 15 Sep 2005 11:21:15 +0200
Hi,

Am Donnerstag, 15. September 2005 10:57 schrieb Greg:
>
> And one last thing : this is not a security flaw in Macromedia Contribute,
> but a malpractice from the webmasters. If they read the doc and learn how
> to write a 3 lines .htaccess, they wouldn't have this information exposed.

I disagree. Files containing passwords do not belong anywhere below the
document root. .htaccess is just a workaround for what's possibly a 
design flaw in Macromedia Contribute.

Bye,
        Peter
-- 
Peter Conrad                        Tel: +49 6102 / 80 99 072
[ t]ivano Software GmbH             Fax: +49 6102 / 80 99 071
Bahnhofstr. 18                      http://www.tivano.de/
63263 Neu-Isenburg

Germany

<Prev in Thread] Current Thread [Next in Thread>