Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > Software - Troubleshooting and Discussion > Mac OS X > Apache OS X caused security problem and fix

Apache OS X caused security problem and fix
Thread Tools
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Reply With Quote
Dec 21, 2007, 08:43 PM
 
My Nessus network scanner reported the following:

MacOS X creates a hidden file, '.DS_Store' in each directory that has
been viewed with the 'Finder'. This file contains a list of the
contents of the directory, giving an attacker information on the
structure and contents of your website.

Solution: Use a <FilesMatch> directive in httpd.conf to forbid
retrieval of this file:

<FilesMatch '^\.[Dd][Ss]_[Ss]'>
Order allow, deny
Deny from all
</FilesMatch>

and restart Apache.

Easy fix, probably worth doing. Even if your webserver is not running OS X, depending on how you connect and shuttle files up to your webserver it is possible for these files to get copied up to the server.
     
   
Thread Tools
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Top
Privacy Policy
All times are GMT -5. The time now is 07:39 AM.
All contents of these forums © 1995-2011 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.7 © 2000-2011, Jelsoft Enterprises Ltd., Content Relevant URLs by vBSEO 3.3.2