My Sites

dotProject
SharedFiles.me


SocialTwist Tell-a-Friend
facebooklinked_intwitter

Translate

English Afrikaans Albanian Arabic Chinese (Simplified) Czech Danish French German Italian Japanese Portuguese Russian Spanish
TimKrause.info Main Feed

 
PDF

Protect your components XML configuration files

User Rating: / 0
PoorBest 
Joomla FAQs - Troubleshooting
View Comments

By default, if I type something like this into a browser window:
http://www.timkrause.info/administrator/components/component_name/component_name.xml

I am allowing users to access the XML data about any and every component on my site. This provides would-be hackers version numbers and other information that can be useful in helping them break into my site.

To prevent this kind of security risk, add the following lines to your .htaccess file:

####Start Prevent display of xml files in browsers####
<Files ~ "\.xml$">
Order allow,deny
Deny from all
Satisfy All
</Files>
####End Prevent display of xml files in browsers####

blog comments powered by Disqus
back to top
Last Updated on Tuesday, 29 December 2009 10:35
 
 
 
 
Joomla 1.5 Templates by Joomlashack