Php photo gallery TWG | JFUploader | TWG Flash upload | WFU | Forum

 Post subject: Minor security risk
PostPosted: 19. Mar 2009, 00:52 

Joined: 16. Mar 2009, 22:43
Posts: 3
The login log file from an unmodified installation of TinyWebGallery can easily be accessed by going to http://example.com/counter/_twg.log . Although this file only displays incorrect login passwords, if an admin is clumsy with his or her password (such as myself), someone may be able to guess the admin's password.

This file should be protected somehow, like with an .htaccess file, or maybe the incorrect password should not be printed instead.


 Post subject:
PostPosted: 19. Mar 2009, 01:05 
Site Admin

Joined: 1. Aug 2005, 12:53
Posts: 11232
I recommend in howto 1
http://localhost/TinyWebGallery/website ... faq.php#h1 1.
to protect this folder with an .htaccess file.

But in the next version I'll only print * instead of the password, because many people maybe only have a typo in the password and the administrator has not read howto 1 ;).

Thanks for the hint.

- Michael
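
A check for the exposure discussed in this thread, added here as an example and not taken from the thread or from TinyWebGallery: it walks a web root and lists `*.log` files that no deny-all `.htaccess` covers. The directory layout and log line in `demo()` are constructed, and the script assumes Apache actually honours `.htaccess` files (`AllowOverride`), which cannot be verified from the filesystem.

```python
import re
import tempfile
from pathlib import Path

# Deny-all / allow-all directives in Apache 2.4 and 2.2 syntax. Commented-out
# lines do not match. <Files> sections are not parsed, so review hits by hand.
DENY = re.compile(r"^\s*(Require\s+all\s+denied|Deny\s+from\s+all)\s*$", re.I | re.M)
GRANT = re.compile(r"^\s*(Require\s+all\s+granted|Allow\s+from\s+all)\s*$", re.I | re.M)


def is_denied(directory, web_root):
    """Nearest .htaccess with an access directive decides; none means exposed."""
    current, root = Path(directory).resolve(), Path(web_root).resolve()
    while True:
        htaccess = current / ".htaccess"
        if htaccess.is_file():
            text = htaccess.read_text(encoding="utf-8", errors="replace")
            if DENY.search(text) or GRANT.search(text):
                # Conservative: any allow-all in the deciding file counts as exposed.
                return bool(DENY.search(text)) and not GRANT.search(text)
        if current == root or current.parent == current:
            return False
        current = current.parent


def exposed_logs(web_root):
    """Return web-relative paths of *.log files not covered by a deny rule."""
    root = Path(web_root).resolve()
    logs = (p for p in root.rglob("*") if p.is_file() and p.suffix.lower() == ".log")
    return sorted(p.relative_to(root).as_posix() for p in logs
                  if not is_denied(p.parent, root))


def demo():
    """Audit a constructed install layout before and after adding the rule."""
    with tempfile.TemporaryDirectory() as root:
        counter = Path(root, "counter")
        counter.mkdir()
        (counter / "_twg.log").write_text("constructed sample log line\n")
        before = exposed_logs(root)
        (counter / ".htaccess").write_text("Require all denied\n")
        return before, exposed_logs(root)


if __name__ == "__main__":
    print(demo())  # → (['counter/_twg.log'], [])
```

A clean result only says the rule is present on disk; requesting the log URL and getting a 403 is what confirms the server enforces it.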

