I just installed moodle 1.8.2 (2007021520) to my web site in a directory called /moodle/. While going through all the settings, I got a message that reads:
Your site configuration might not be secure. Plese make sure that your dataroot directory (/home/jkljkl/public_html/moodle/uploaddata) is not directly accessible via web.
My understanding is that /public_html/ is probably accessible from the web. Am I right that maybe everything I just installed is accessible from the web? Can the whole world get to it? Or is my installation safe enough? If it is not safe, is there a way to move directories to the root(?) directory or is the best way to deal with it to uninstall and then reinstall to the root?
Many thanks,
Chip Cook.
Hello, Chip.
Don't worry, just take a look inside uploaddata, is there a file called .htaccess? It contains the following statements:
deny from all
AllowOverride None
Here is the information regarding your issue:
http://docs.moodle.org/en/Installing_Moodle
Check out the section of Creating the data directory (moodledata).
Rgds.
Thanks very much. And thanks also for the fast response. I know that some day, I'll understand all this, but right now I just need to get things running safely for my students.
Chip.
Chip.
You're welcome.
I think the meaning of "accessible" of you and the statement is different. If you don't have .httacess inside uploaddata folder, everyone can access your data via browsers by entering the address http://.../moodle/uploadata. As a result, they can see and copy your data--"accessible".
However, if you create and put it inside uploaddata folder, a "Server Error" message appears when someone try to access uploaddata directory via www.
Rgds,
