Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

vocabularies.ttl world readable #555

Closed
semanticfire opened this issue Oct 1, 2016 · 1 comment
Closed

vocabularies.ttl world readable #555

semanticfire opened this issue Oct 1, 2016 · 1 comment
Labels
bug needs backport
Milestone
1.9

Comments

@semanticfire
Copy link
Contributor

http:///skosmos/vocabularies.ttl

  1. Downloads the vocabularies.ttl when using passwords for endpoint not desired

403 Forbidden, no one needs to see the configuration

adding:

<Files ~ "\.ttl$"> Order allow,deny Deny from all </Files>

to .htaccess solves this problem

What browser did you use? (eg. Firefox, Chrome, Safari, Internet explorer)
@osma osma added this to the 1.9 milestone Oct 3, 2016
@osma
Copy link
Member

osma commented Oct 3, 2016

Thanks for reporting. We haven't had passwords in vocabularies.ttl files, so it didn't occur to us that it would need protection. But you are right, configuration files of web applications should not be world readable.

henriyli pushed a commit that referenced this issue Oct 5, 2016
adding a directive that prevents access to the ttl files, fixes #555
32aadec
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug needs backport
Projects
None yet
Milestone
1.9
Development

No branches or pull requests
2 participants
@semanticfire @osma