vb.org Archive
Page 2 of 2 1 2
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=111)
-   -   Security: Denying direct access to files (https://vborg.vbsupport.ru/showthread.php?t=90924)

tamarian 06-24-2005 01:30 PM
One thing I don't like about the vB installation script is that it tells you to delete the install.php file. What they don't tell you is that you can delete the entire install directory :) For upgrades, you just copy the whole install directory from the new version.

Zachery 06-24-2005 01:38 PM
Quote:
Originally Posted by tamarian
One thing I don't like about the vB installation script is that it tells you to delete the install.php file. What they don't tell you is that you can delete the entire install directory :) For upgrades, you just copy the whole install directory from the new version.
Eh, I don't advise deleteing the entire install directory, there are some useful files that you should have on hand, further more the only somewhat harmful file is install.php (because it can drop your database)

tamarian 06-24-2005 01:49 PM
Quote:
Originally Posted by Zachery
Eh, I don't advise deleteing the entire install directory, there are some useful files that you should have on hand, further more the only somewhat harmful file is install.php (because it can drop your database)
I always have them on hand, at home :)

Marco van Herwaarden 06-24-2005 02:03 PM
Better is to protect the directory with a .htaccess

VBCoder 06-24-2005 03:31 PM
I agree, the best thing is a simple .htaccess to block the dir. (Really, the includes etc should be outside of the webroot but I guess vB must support hosts where this is not available). My question is only which dirs can be blocked - I guess the answer is /includes/ and /install/

tamarian 06-24-2005 04:03 PM
Quote:
Originally Posted by VBCoder
(Really, the includes etc should be outside of th(Boys and girls, don't try this at homee webroot but I guess vB must support hosts where this is not available).
This is a good idea. But the includes directory (I think) is harcoded in a few places. But if it's made outside the webroot, you can just add it explicitly the includes path in php.ini and it should work.

I can see some mods and vB devs pulling their hair out at all this sacrilege :D


All times are GMT. The time now is 11:25 PM.
Page 2 of 2 1 2
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01169 seconds
  • Memory Usage 1,726KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (3)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (6)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete