tags:

views:

49

answers:

2
+3  Q: 

Drupal: does removing these lines from .htaccess cause security issues ?

hi,

I had to comment these lines from the htaccess files in my main Drupal folder and in sites folder

# Don't show directory listings for URLs which map to a directory.
#Options -Indexes

# Follow symbolic links in this directory.
#Options +FollowSymLinks

...in order to not get a 500 Internal Error on the new server.

Can I leave them uncommented or am I going to have security issues ?

ps. I've also set all content in files folder 777 permission. Is this ok ?

thanks

A: 

You can leave them commented.

Options -Indexes just stops people from viewing a list of all files in a directory, which is basically harmless anyway.

Coronatus  2010-05-17 12:34:41
+2  A: 

It could be a problem - a potential attacker will know exactly which modules you have on your site and exactly which versions. So if you don't update your modules regularly when they have security releases, then your site will be easily exploitable.

matix  2010-05-17 13:46:24

related questions

Batch node operations in Drupal 5
How do you make php's json_decode compatible with firefox's javascript?
Drupal CSS URL Problem
Is it possible to deploy an already built Drupal site?
php Access violation
Creating an online catalogue using Drupal, what are the best modules/techniques?
How do I upgrade from Drupal 5 to 6?
How does AOP work in Drupal?
Any quirks I should be aware of in Drupal's XML-RPC and BlogAPI implementations?
What is the simplest way to handle images in Drupal?
How can I change some of Drupal's default menu strings without hacking the core files or using the String Override plugin?
Why is my Drupal site logging out users when a Javascript function is called?
How do I add a "last" class on the last <li> within a Views-generated list?
How do I determine if I should install Drupal 5.x or 6.x?
Missing label on Drupal 5 CCK single on/off checkbox
learning drupal fast track: how to create a stackoverflow clone?
How do you remove the default title and body fields in a CCK generated Drupal content-type?
How do I create a node from a cron job in drupal?
How to quickly theme a view?
Where is the best place to get Drupal & Sugar CRM developers?
How to get rid of Javascript Runtime Errors when running PDT + XDebug in Eclipse?
What makes Drupal better/different from Joomla
Include CSS or Javascript file for specific node in Drupal 6
What version of TinyMCE will work in Drupal 5 with google chrome?
How can I change the way my Drupal theme displays the front page