[Bug 188410] Review Request: phpBB
bugzilla at redhat.com
bugzilla at redhat.com
Sun Apr 9 19:44:30 UTC 2006
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
Summary: Review Request: phpBB
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188410
wtogami at redhat.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |wtogami at redhat.com
------- Additional Comments From wtogami at redhat.com 2006-04-09 15:44 EST -------
> Secondly, it complains that there is an htaccess file in the distribution:
> E: phpBB htaccess-file /var/www/phpBB2/cache/.htaccess
> This is where phpBB stores it cache data, and this .htaccess file explicitly
> disallows any direct requests for those files. Thus, this seems reasonable
> ignore, also.
By default httpd.conf doesn't allow htaccess overrides, so the effectiveness of
this .htaccess is not great. I am pretty sure this directory doesn't need to be
in a web accessible directory at all. You could patch the default directory so
that it uses someplace like /var/cache/phpbb instead (not sure, I haven't tested
this)?
About PHPBB security, it is actively maintained, but has a long history of
repeated security holes. I've seen many Linux servers become compromised by
script kiddies due to past PHPBB holes. If PHPBB gets into Fedora, the
maintainer(s) *MUST* be vigilant in updating the package quickly when upstream
makes a new release.
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.
More information about the fedora-extras-list
mailing list