Hi Dne Fri, 26 Sep 2008 09:04:54 +0200 Vincent Bernat <[EMAIL PROTECTED]> napsal(a):
> The lighttpd config file contains:
> $HTTP["url"] =~ "^/roundcube/config|/roundcube/temp|/roundcube/logs" {
> url.access-deny = ( "" )
> }
>
> Therefore, the directory should not be accessible. Maybe the file is not
> clear enough about what to modify when changing roundcube location.
I know that both apache and lighttpd files contain rules to limit
access, thats why I did not consider it as a security issue :-).
> In fact, .htaccess should not be shipped with roundcube.
That's also a solution...
--
Michal Čihař | http://cihar.com | http://blog.cihar.com
signature.asc
Description: PGP signature
