I have a big security problem currently, though still in development phase.
I have placed HTML files in the following 2 directories:
It seems anyone outside the site can open the test.html file, even if they have not logged into our Moodle site!
It also seems that an outsider can also get a list of all files in a directory.
/moodle/mod/resource/ press enter
How can I stop an outsider viewing directory contents with in my moodle directory structures? No default protection? Or do I need to manually configure my webserver (apache) to not allow directory listings for those directories?
(I think I know how to perform the latter if need be)
How to stop an outisider opening a filename that they know is in one of my moodle directories?