Options -Indexes
This is an open discussion with 5 replies, filed under General.
Search
If your setup (i.e. virtual server) allow indexes, yes, you are right. Indeed it shouldn’t. So I think that for Symphony it is not a necessity. And it would make installation on a different web server than Apache more difficult.
On the other hand the future plans for Symphony — storing most of your application logic in XML files — will require some special measures anyway. Let’s see how the team solves this.
Later versions I think use .htaccess to block specific file types from /manifest, so the same could be done for the new XML files - I’m sure that would be a standard requirement.
As for indexes, I recommend you disable this globally for Apache across your entire server rather than relying on the CMS to do it; it’s good practice to disable this and just enable it with htaccess in specific directories when you need it.
I currently use this option in all my projects. All of them in Apache, and always worked very well.
Leaving files exposed, in my opinion, is not pretty.
http://getsymphony.com/extensions/
http://getsymphony.com/workspace/
http://getsymphony.com/manifest/
Plus it can provide information for people with bad intentions. eg recognize the extensions used on the site and find out their versions to take advantage of security flaws - in outdated systems…
Most of the servers I work with do not have access to the apache configuration directly (I need to research more about this). Then need to insert Options -Indexes
in the main CMS .htaccess anyway, right?
Do not know how this will be in Symphony file-based version…
If you don’t have access to the configuration and the provider enabled Indexes, you should definitely change your provider. Indexes should never be enabled by default.
I see, thanks for the explanation. I’ll check about this with the server.
Create an account or sign in to comment.
I wonder if it’s a good practice to add .htaccess file containing:
in /extensions, /workspace and /manifest folders?