[GNC-dev] Yet another documentation compiling oddity

Adrien Monteleone adrien.monteleone at lusfiber.net
Sat Sep 15 13:40:05 EDT 2018


Thanks for the background. I wasn’t thinking of the case of other types of servers, as I so far only deal with Apache.

> On Sep 15, 2018, at 9:28 AM, John Ralls <jralls at ceridwen.us> wrote:
> 
> If an attacker guesses the path, a -Indexes directive won’t stop him from requesting the directory from the server. It should return a 403 if there’s no index.html, but perhaps there are servers out there that fail, or perhaps the web design folks think that a blank page is better than a 403.
> 
> Of course it’s also possible that the practice got going before -Indexes was added and never went away, or that since .htaccess is an Apache thing it’s not sufficiently general (nginx seems to require per-directory config of its autoindex module in its config file, no idea about IIS).
> 
> Regards,
> John Ralls
> 
> 
>> On Sep 14, 2018, at 9:13 PM, Adrien Monteleone <adrien.monteleone at lusfiber.net> wrote:
>> 
>> Interesting. I’ll investigate. I’ve never had an issue that I’m aware of. If the server won’t even let you get there due to the directive...?
>> 
>> Regards,
>> Adrien
>> 
>>> On Sep 14, 2018, at 5:38 PM, John Ralls <jralls at ceridwen.us> wrote:
>>> 
>>> It's my understanding that that's less than perfect. It's standard practice in the CMS world to put poisoned index.html files in directories where you don't want browsers poking their noses.
>>> 
>>> Regards,
>>> John Ralls
>> 