Security and privacy

moodledata in cgi-bin unsave?

Picture of Ray Morris
Re: moodledata in cgi-bin unsave?

Move the .htaccess file down one level and have it refer to moodledata.  As it is, the bad guy can delete the .htaccess since it's in a world-writeable directory.

Use something like this:

RewriteRule moodledata - [F]

(not tested)

It's always better to have any world-writeable file outside of docroot or cgi-bin, but the above is better than putting the .htaccess within moodledata/.




Average of ratings: -