Security and privacy

 
 
Picture of Janno Bend
moodledata in cgi-bin unsave?
 

Hi Community,

I am struggeling where to put my moodledata folder. Since my cgi-bin folder is one of the few that gets synced by my migration-tool, I put my folder there.

What´s you opinion about that? unsave?
My moodledata folder has a .htaccess file. I can´t reach the content from a browser.

 

Thany 4 you help,
Janno

 

 
Average of ratings: -
Picture of Ray Morris
Re: moodledata in cgi-bin unsave?
Group DevelopersGroup Particularly helpful Moodlers

Move the .htaccess file down one level and have it refer to moodledata.  As it is, the bad guy can delete the .htaccess since it's in a world-writeable directory.

Use something like this:

RewriteRule moodledata - [F]

(not tested)

It's always better to have any world-writeable file outside of docroot or cgi-bin, but the above is better than putting the .htaccess within moodledata/.

 

 

 

 
Average of ratings: -