TWiki currently has an index.html file in the TWiki root directory. It links to the configure script, implying that TWiki should be in a HTML document enabled directory. This is wrong. For security it is better to put TWiki outside the HTML doc tree, and use Apache configuration to enable twiki/bin as CGI and twiki/pub as HTML doc dir.
and added this note:
If you can access this page with a browser you have an insecure TWiki installation. Do not
put TWiki into an HTML doc enabled directory. Follow the TWiki installation instructions
, and use the TWiki Apache config generator
to generate the
file for the Apache webserver.
Related, as a cleanup measure of the twiki root directory, I created a new
directory and moved all sample files into it:
This is now in SVN trunk and 6.0 branch.