TWiki currently has an index.html file in the TWiki root directory. It links to the configure script, implying that TWiki should be in a HTML document enabled directory. This is wrong. For security it is better to put TWiki outside the HTML doc tree, and use Apache configuration to enable twiki/bin as CGI and twiki/pub as HTML doc dir.
--
TWiki:Main/PeterThoeny
- 2013-11-08
I simplified
index.html
and added this note:
ATTENTION: If you can access this page with a browser you have an insecure TWiki installation. Do
not put TWiki into an HTML doc enabled directory. Follow the
TWiki installation instructions
, and use the
TWiki Apache config generator
to generate the
twiki.conf
file for the Apache webserver.
--
TWiki:Main.PeterThoeny
- 2013-11-09
Related, as a cleanup measure of the twiki root directory, I created a new
misc
directory and moved all sample files into it:
pub-htaccess.txt
,
robots.txt
,
root-htaccess.txt
,
subdir-htaccess.txt
,
twiki_httpd_conf.txt
.
This is now in SVN trunk and 6.0 branch.
--
TWiki:Main.PeterThoeny
- 2013-11-09