Php photo gallery TWG | JFUploader | TWG Flash upload | WFU | Forum https://www.tinywebgallery.com/forum/ |
|
Minor security risk https://www.tinywebgallery.com/forum/viewtopic.php?f=4&t=1898 |
Page 1 of 1 |
Author: | Desu [ 19. Mar 2009, 00:52 ] |
Post subject: | Minor security risk |
The login log file from an unmodified installation of TinyWebGallery can easily be accessed by going to http://example.com/counter/_twg.log . Although this file only displays incorrect login passwords if an admin is clumsy with his or her password (such as myself) someone may be able to guess the admin's password. This file should be protected somehow, like with an .htaccess file, or maybe the incorrect password should not be printed instead. |
Author: | TinyWebGallery [ 19. Mar 2009, 01:05 ] |
Post subject: | |
I recommend in howto 1 http://localhost/TinyWebGallery/website ... faq.php#h1 1. to protect this folder with an .htaccess file. But in the next version I'll only print * instead the password. because many people maybe only have a typo in the password and the administrator has not read howto 1 . Thanks for the hint. - Michael |
Page 1 of 1 | All times are UTC + 1 hour [ DST ] |
Powered by phpBB® Forum Software © phpBB Group http://www.phpbb.com/ |