On Sat, 24 Mar 2001, Julian Rohrhuber wrote:
> >Btw, you should be a little bit more careful serving the whole swiki dir
> >by Apache - it's easy to spy out passwords this way.
>
> did you see any?
I'm not a cracker, so I didn't actually try ;-)
> I thought we had blocked the acess to all settings.xml
> (security.xml seem to not be visible anyway)
Well, per-page passwords are visible in the pages.xml and pages.old
files. The best thing might be to make only the "uploads" directories
accessable.
-- Bert
