I have been looking at the important site security recommendation document athttp://www.zen-cart.com/wiki/index.p...ecommendations
Section 7 of this document mentions the use of .htaccess files to help prevent snooping. I have done a quick search on my zencart build and have listed all the directories that have an blank index.html without a .htaccess file as well.
My question is should i include a basic .htaccess like the one also listed in section 7 along side these blank index.html files.
I have attached a plain txt file with a listing of my finding.
Re: .htaccess Files
There are many possible approaches depending on your hosting server's configuration. Some allow you to control with a cascading .htaccess file which catches all inappropriate access to all subdirectories, and others do not.
If you are uncertain or cannot get a clear answer from your host, then protect each folder manually. If you are using Windows hosting, don't rely on .htaccess ... use index.html instead, and work with your host to ensure you have the best security settings active in your account (well, as good as IIS can do anyway).
So ... not to pass the buck, but ... do what *you* have to do for *your* server. The guidelines are simply guidelines, as no *one* exact solution will work for everyone, since every host configures their server differently on their own whims (and changes it as they see fit, often without notice).
By the way, you seem to have extra admin folders in your download and media folders for some reason...
Zen Cart - putting the dream of business ownership within reach of anyone!
Donate to: DrByte directly or to the Zen Cart team as a whole
Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.
Re: .htaccess Files
Thanks for pointing that out i guess it must have been a slip of the fingers when uploading or something.
Originally Posted by DrByte
By soxophoneplayer in forum Installing on a Linux/Unix Server
Last Post: 8 Apr 2016, 09:39 PM
By pasb in forum Installing on a Linux/Unix Server
Last Post: 27 Aug 2009, 07:18 PM
By spikeycactus in forum General Questions
Last Post: 6 Sep 2008, 07:04 PM
By philip56 in forum General Questions
Last Post: 2 Apr 2008, 10:05 PM
Content and Graphics Copyright (c) 2003 - 2016 Zen Ventures, LLC - all rights reserved
Zen Cart® is a Registered Trademark of Zen Ventures, LLC