Recent Topics

1 Jul 22, 2007 22:57    

My b2evolution Version: 1.10.x

If I create a blog via stubfile and call it "media" (media.php) are there any security or access issues to be aware of? I've set this up on a test blog and it seems to work.. (I can post test posts and preview posts properly).

However, are there any hidden ramifications to having a blog/stub with the same name as the 'media' folder? I figured it has the added benefit of masking the media directory from view, but is there something I'm missing? For example, would creating an .htaccess in the media folder to prevent directory browsing or preventing *.php files from being run cause problems for the media blog/stub to run at all? Any other kinds of issues?


2 Jul 25, 2007 22:53

No issues.
Changing the name for the media folder isn't going to help: they are searching for open dir's and find the media forder anyway. It's like a search for "parent directory".

Nice idea of the .htaccess excluding php. If I am correct something like this is planned for version 2.0 (but mayby some other technique, I do this from memory).

Have fun

3 Jul 26, 2007 00:55

In all my installations I put an empty index.html file in each folder people shouldn't be in. Browsers will automagically show that page to anyone trying to poke around my folders. Works without issue and has no negative ramifications that I am aware of.

As to using media as a stub name: go for it. The path to a link and something in your media folder are quite different. Media folder is an actual path, where posts simply create the illusion of folders.

Form is loading...