
AfterLogic WebMail Pro

Subject Topic: Protecting settings.xml
V4g_Br4Ck3r
Newbie

Joined: 14 October 2011
Location: Brazil
Posts: 7
Posted: 17 October 2011 at 3:47am

I have a problem setting the access level of my settings file!

If I type:
mail.server.com.br/data/settings/settings.xml

I see all the settings! But this is a security problem, because all my passwords are there!

How do I show access denied?
Igor
AfterLogic Support

Joined: 24 June 2008
Location: United States
Posts: 6104
Posted: 17 October 2011 at 3:53am

Out of the box, WebMail Pro contains an .htaccess file under the data folder with a Deny from all directive in it. In most cases, that protects the files and folders from being accessed directly. If that doesn't work for you, I suggest revising the configuration of your web server or virtual host and making sure the Allow and Deny directives are accepted. For the Apache web server, those directives are explained on their documentation page, and if you use a different web server, check its security-related docs.

--
Regards,
Igor, AfterLogic Support
Igor
AfterLogic Support

Joined: 24 June 2008
Location: United States
Posts: 6104
Posted: 18 October 2011 at 10:25am

By the way, there's another approach which might be easier to use in your case. Out of the box, the data folder is a direct subfolder of the main WebMail Pro folder. However, you can move it to any other location which cannot be accessed via a web browser (outside the document root). You'll need to specify the new filesystem path for that folder in the inc_settings_path.php file and make sure the location is writable by the web server.

--
Regards,
Igor, AfterLogic Support
V4g_Br4Ck3r
Newbie

Joined: 14 October 2011
Location: Brazil
Posts: 7
Posted: 19 October 2011 at 3:47am

Hello, I've tried everything on the server!
It was set to "AllowOverride None" and I changed it to All, AuthConfig; however, it did not work!

<Directory "/var/www/">
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>

In the end I ended up changing the location and name of the folder and changing the inc_settings_path.php!

For now I'll leave it at that! Thanks again!
Igor
AfterLogic Support

Joined: 24 June 2008
Location: United States
Posts: 6104
Posted: 19 October 2011 at 3:54am

Actually, you'd need AllowOverride Limit, which handles host access, while AuthConfig handles authorization only; see the Apache documentation page for more details. But as long as the current solution works for you, you can certainly leave it the way it is now.

--
Regards,
Igor, AfterLogic Support
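
The point made in the last reply, that a .htaccess `Deny from all` only takes effect when the enclosing `<Directory>` section grants the Limit (or All) override class, can be checked against a server configuration before relying on it. The following is an added example, not code from the posts above or from AfterLogic; it goes slightly beyond the thread by resolving nested `<Directory>` sections, and the install path `/var/www/webmail/data` and the function names are assumptions made for illustration.

```python
import re

# AllowOverride classes under which a .htaccess Order/Allow/Deny is accepted.
HOST_ACCESS_CLASSES = {"limit", "all"}
DIRECTORY_RE = re.compile(
    r'<Directory\s+"?([^">]+?)"?\s*>(.*?)</Directory>', re.I | re.S)
OVERRIDE_RE = re.compile(r'^\s*AllowOverride\s+(.+?)\s*$', re.I | re.M)


def effective_override(conf_text, target_dir):
    """Return the set of AllowOverride classes in force for target_dir.

    Apache merges <Directory> sections from the shortest path to the longest,
    so the longest matching section that sets AllowOverride wins. Returns None
    when no section sets it (the built-in default depends on the version).
    Wildcard and regex <Directory> paths are not handled.
    """
    target = target_dir.rstrip("/") + "/"
    best_len, classes = -1, None
    for path, body in DIRECTORY_RE.findall(conf_text):
        prefix = path.rstrip("/") + "/"
        found = OVERRIDE_RE.findall(body)
        if found and target.startswith(prefix) and len(prefix) >= best_len:
            best_len = len(prefix)
            classes = {c.lower() for c in found[-1].split()}
    return classes


def htaccess_deny_honoured(conf_text, target_dir):
    """True if "Deny from all" in target_dir/.htaccess would be accepted."""
    classes = effective_override(conf_text, target_dir)
    return None if classes is None else bool(classes & HOST_ACCESS_CLASSES)


# Constructed sample: the <Directory> block from the thread, then with Limit.
THREAD_CONF = """
<Directory "/var/www/">
    AllowOverride AuthConfig
    Order allow,deny
    Allow from all
</Directory>
"""
FIXED_CONF = THREAD_CONF.replace("AllowOverride AuthConfig",
                                 "AllowOverride Limit")
DATA_DIR = "/var/www/webmail/data"  # hypothetical install path

if __name__ == "__main__":
    print("thread config:", htaccess_deny_honoured(THREAD_CONF, DATA_DIR))
    print("with Limit:   ", htaccess_deny_honoured(FIXED_CONF, DATA_DIR))
```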