Security and privacy

moodledata in cgi-bin unsave?

 
 
Picture of Janno Bend
moodledata in cgi-bin unsave?
 

Hi Community,

I am struggeling where to put my moodledata folder. Since my cgi-bin folder is one of the few that gets synced by my migration-tool, I put my folder there.

What´s you opinion about that? unsave?
My moodledata folder has a .htaccess file. I can´t reach the content from a browser.

 

Thany 4 you help,
Janno

 

 
Average of ratings: -
Picture of Ray Morris
Re: moodledata in cgi-bin unsave?
 

Move the .htaccess file down one level and have it refer to moodledata.  As it is, the bad guy can delete the .htaccess since it's in a world-writeable directory.

Use something like this:

RewriteRule moodledata - [F]

(not tested)

It's always better to have any world-writeable file outside of docroot or cgi-bin, but the above is better than putting the .htaccess within moodledata/.

 

 

 

 
Average of ratings: -