Security and privacy

moodledata in cgi-bin unsave?

Picture of Ray Morris
Re: moodledata in cgi-bin unsave?
Group DevelopersGroup Particularly helpful Moodlers

Move the .htaccess file down one level and have it refer to moodledata.  As it is, the bad guy can delete the .htaccess since it's in a world-writeable directory.

Use something like this:

RewriteRule moodledata - [F]

(not tested)

It's always better to have any world-writeable file outside of docroot or cgi-bin, but the above is better than putting the .htaccess within moodledata/.




Average of ratings: -