[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
[Bug 188410] Review Request: phpBB
- From: bugzilla redhat com
- To: fedora-extras-list redhat com
- Subject: [Bug 188410] Review Request: phpBB
- Date: Sun, 9 Apr 2006 15:44:30 -0400
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
Summary: Review Request: phpBB
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188410
wtogami redhat com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |wtogami redhat com
------- Additional Comments From wtogami redhat com 2006-04-09 15:44 EST -------
> Secondly, it complains that there is an htaccess file in the distribution:
> E: phpBB htaccess-file /var/www/phpBB2/cache/.htaccess
> This is where phpBB stores it cache data, and this .htaccess file explicitly
> disallows any direct requests for those files. Thus, this seems reasonable
> ignore, also.
By default httpd.conf doesn't allow htaccess overrides, so the effectiveness of
this .htaccess is not great. I am pretty sure this directory doesn't need to be
in a web accessible directory at all. You could patch the default directory so
that it uses someplace like /var/cache/phpbb instead (not sure, I haven't tested
this)?
About PHPBB security, it is actively maintained, but has a long history of
repeated security holes. I've seen many Linux servers become compromised by
script kiddies due to past PHPBB holes. If PHPBB gets into Fedora, the
maintainer(s) *MUST* be vigilant in updating the package quickly when upstream
makes a new release.
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]