TWiki currently has an index.html file in the TWiki root directory. It links to the configure script, implying that TWiki should be in a HTML document enabled directory. This is wrong. For security it is better to put TWiki outside the HTML doc tree, and use Apache configuration to enable twiki/bin as CGI and twiki/pub as HTML doc dir.
--
TWiki:Main/PeterThoeny - 2013-11-08
I simplified
index.html
and added this note:
ATTENTION: If you can access this page with a browser you have an insecure TWiki installation. Do
not put TWiki into an HTML doc enabled directory. Follow the
TWiki installation instructions, and use the
TWiki Apache config generator to generate the
twiki.conf
file for the Apache webserver.
--
TWiki:Main.PeterThoeny - 2013-11-09
Related, as a cleanup measure of the twiki root directory, I created a new
misc
directory and moved all sample files into it:
pub-htaccess.txt
,
robots.txt
,
root-htaccess.txt
,
subdir-htaccess.txt
,
twiki_httpd_conf.txt
.
This is now in SVN trunk and 6.0 branch.
--
TWiki:Main.PeterThoeny - 2013-11-09