Project

General

Profile

Actions
Copy link

Bug #22513

closed

Changelog, README, NEWS files should be blocked via htaccess

Added by Oliver Klee over 14 years ago. Updated over 10 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
-
Target version:
-
Start date:
2010-04-26
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
4.4
PHP Version:
5.2
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

OTRS Ticket ID: 2010042610000013

Files like Changelog, README, NEWS.txt etc. that are publicly visible
allow easy scanning for vulnerable TYPO3 or extension versions.

So TYPO3's default .htaccess should deny access to these files by default.

(issue imported from #M14203)

Related issues 1 (0 open1 closed)

Related to TYPO3 Core - Task #23078: Ship .htaccess with a Deny rule for *.sqlClosedMarkus Klein2010-07-02

Actions
Actions
Copy link
 #1

Updated by Helmut Hummel almost 14 years ago

We agreed, that this would not help much. It would still fairly easy be possible to track the TYPO3 and extension versions

Actions
Copy link
 #2

Updated by Christian Weiske over 10 years ago

I still think that it would help in making fingerprinting harder.

Actions
Copy link

Also available in: Atom PDF