[byteball.org] .htaccess file is available publicly.

in #utopian-io, 6 years ago

Project Details

Github Repository: https://github.com/byteball/byteball-web/
Platform: https://byteball.org

Expected Behaviour

The htaccess file is used to stop users from accessing certain files and folders. It should not be available to anyone and should be hidden according to its RFC.

Actual Behaviour

.htaccess file is available to anyone to view.

Steps to Reproduce

  1. Visit https://byteball.org/.htaccess in a browser; the file will be downloaded and can be viewed using any text editor.

Or run curl https://byteball.org/.htaccess in a terminal, which will also work.

Possible Fix

Add this code to .htaccess file

<files .htaccess>
order allow,deny
deny from all
</files>

Github Details

Github Profile
Issue#49
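A way to confirm the fix stays in place on a site you run, as an added example that is not part of the original report or of the byteball-web repository: the check requests /.htaccess and reports whether the file comes back. The function and class names, the localhost test servers and the sample file content are all constructed for illustration.

```python
import http.server, os, tempfile, threading
import urllib.error, urllib.request
from functools import partial

def htaccess_exposed(base_url, timeout=5):
    """True if GET <base_url>/.htaccess hands the file back (HTTP 200)."""
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(base_url.rstrip("/") + "/.htaccess", timeout=timeout) as r:
            return r.status == 200
    except urllib.error.HTTPError:
        return False  # 403, 404, ...: the server refused to serve it

class ServeAll(http.server.SimpleHTTPRequestHandler):
    """Misconfigured server (assumed stand-in): serves every file in the docroot."""
    def log_message(self, *args):
        pass  # keep the demo quiet

class DenyHtaccess(ServeAll):
    """Stand-in for the deny rule from the post: 403 for .htaccess."""
    def do_GET(self):
        if os.path.basename(self.path.split("?")[0]) == ".htaccess":
            self.send_error(403)
        else:
            super().do_GET()

def probe_local(handler_cls):
    """Serve a constructed docroot on localhost with handler_cls and probe it."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, ".htaccess"), "w") as f:
            f.write("RewriteEngine On\n")  # constructed sample content
        srv = http.server.ThreadingHTTPServer(
            ("127.0.0.1", 0), partial(handler_cls, directory=root))
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        try:
            return htaccess_exposed("http://127.0.0.1:%d" % srv.server_address[1])
        finally:
            srv.shutdown()
            srv.server_close()

if __name__ == "__main__":
    print("no rule   -> exposed:", probe_local(ServeAll))
    print("deny rule -> exposed:", probe_local(DenyHtaccess))
```

Pointing htaccess_exposed at the base URL of your own site after each deployment turns the manual curl step into a regression check.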


Hi @neutrinoguy, thanks for the contribution.

I see it has been fixed by the PO, thanks to your notifying him via the issue opened on GitHub. Files in .htaccess should not be served in plain text when requested via URL; access should be denied since they are originally meant to be hidden.

Great to know it's been fixed.

My feedback:

  1. Your post title follows the Utopian convention. The steps to reproduce, the expected and actual behavior were also in line with what is expected in a bug contribution.

Thanks again for this contribution, I look forward to your future bug reports.

Your contribution has been evaluated according to Utopian policies and guidelines, as well as a predefined set of questions pertaining to the category.

[utopian-moderator]

Hey @neutrinoguy
Thanks for contributing on Utopian.
We’re already looking forward to your next contribution!


Indeed it would seem so. Great catch!