Hi there,
I've had a client, after running a security audit on their site, file a security ticket with us:
49964124 Predictable Resource Location [scratched]/profiles/panopoly/build.xml
Meaning that the audit tool they used flagged this file as something that shouldn't be publicly viewable. Looking at the contents, I don't think there's anything terribly bad about this, but if standard security tools are flagging this, then maybe it's an issue.
This appears to be part of the phing build system. Can we add an .htaccess deny directive to this file in the panopoly profile? I'm assuming it's not actually called by Apache during the build. Let me know if you'd accept a patch.
Thanks,
Shiraz
Comments
Comment #2
dsnopek: Yeah, that should be harmless. :-/
But I'd be happy to accept a patch to add an .htaccess to hide it. :-)
Comment #3
shiraz dindar: Agreed re: no-risk, but thanks for accepting the patch! Just makes my life a bit easier.
It's Dave, right? Thanks again.
Comment #4
dsnopek: Great, thanks! Committed! :-)
Comment #6
shiraz dindar: Thank you!
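
An .htaccess rule of the kind requested in this issue, as an added example. It is not the patch that was committed to Panopoly, and its location (an .htaccess file in profiles/panopoly/, beside build.xml) is an assumption:

```apache
# Added example, not the committed Panopoly patch.
# Assumed location: profiles/panopoly/.htaccess (same directory as build.xml).

# Refuse HTTP requests for the Phing build file. Phing is run from the
# command line and reads build.xml from disk, so the build is unaffected.
<Files "build.xml">
  # Apache 2.4 and later (mod_authz_core)
  <IfModule mod_authz_core.c>
    Require all denied
  </IfModule>
  # Apache 2.2 fallback
  <IfModule !mod_authz_core.c>
    Order allow,deny
    Deny from all
  </IfModule>
</Files>
```

The rule only takes effect where the server's AllowOverride setting permits authorization directives in .htaccess files; web servers that do not read .htaccess (nginx, for example) need an equivalent rule in their own configuration.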