Hi Dne Fri, 26 Sep 2008 09:04:54 +0200 Vincent Bernat <[EMAIL PROTECTED]> napsal(a):
> The lighttpd config file contains: > $HTTP["url"] =~ "^/roundcube/config|/roundcube/temp|/roundcube/logs" { > url.access-deny = ( "" ) > } > > Therefore, the directory should not be accessible. Maybe the file is not > clear enough about what to modify when changing roundcube location. I know that both apache and lighttpd files contain rules to limit access, thats why I did not consider it as a security issue :-). > In fact, .htaccess should not be shipped with roundcube. That's also a solution... -- Michal Čihař | http://cihar.com | http://blog.cihar.com
signature.asc
Description: PGP signature