Author Topic: Security Bug  (Read 11818 times)

martino87r

Security Bug
« on: February 04, 2009, 07:19:04 am »
Well, I'm finally back! After a few months focused on my exams, I now have time to work on OpenGoo.

I've discovered a little security bug that allows others to access the Upload folder.
The Upload folder (opengoo/upload) can be viewed in a web browser because Apache allows listing by default. Even if the content is encrypted, it would be better not to allow listing of that directory (like any other).

I've also fixed this by adding a new .htaccess file forbidding listing of that directory.

ignacio

Re: Security Bug
« Reply #1 on: February 04, 2009, 09:57:48 am »
You're right, we should disallow access to that folder by default.

Thanks.

r2gnl

Re: Security Bug
« Reply #2 on: April 01, 2009, 01:08:24 pm »
Well, I just downloaded and installed OpenGoo version 1.3.1, yet with a browser I can still access all folders and view any content. Slipped through?

Regards, Remco

ignacio

Re: Security Bug
« Reply #3 on: April 07, 2009, 10:59:26 am »
Are you using Apache? Check if there's a .htaccess file in the upload folder. You need to have your Apache configured so that you can allow overriding configuration with .htaccess files.
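
Added example, not part of the thread and not OpenGoo's own files: the two pieces the posts above refer to, a `.htaccess` that turns off directory listing and the server-side `AllowOverride` setting that lets Apache honor it. The install path `/var/www/opengoo` is an assumption.

```apache
# --- File 1: opengoo/upload/.htaccess ---------------------------------
# Turn off mod_autoindex listings for this directory and everything
# below it. A request for the directory itself then returns 403 Forbidden
# instead of a generated index (when no DirectoryIndex file is present).
Options -Indexes

# --- File 2: main server config (httpd.conf or the vhost file) --------
# "/var/www/opengoo" is an assumed install path; adjust to the real one.
#
# Weak: with "AllowOverride None" Apache never reads .htaccess files, so
# File 1 is silently ignored and the listing stays visible.
#
#   <Directory "/var/www/opengoo">
#       AllowOverride None
#   </Directory>
#
# Corrected: permit the Options directive in .htaccess so File 1 applies.
# (If .htaccess is read but Options is not permitted, requests fail with
# a 500 error and "Options not allowed here" in the error log.)
<Directory "/var/www/opengoo">
    AllowOverride Options
</Directory>

# Alternative that does not depend on .htaccess at all: set the option in
# the server config, so it still holds if File 1 is missing or deleted.
<Directory "/var/www/opengoo/upload">
    Options -Indexes
</Directory>
```

Disabling the listing only hides file names; a file whose URL is already known is still served. After changing the server config, reload Apache and request the upload directory URL to confirm it returns 403.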