security issue

Post Reply
gerry.odea
Posts: 98
Joined: Fri Sep 19, 2008 9:33 am

security issue

Post by gerry.odea »

I have a security problem and I don't know how to fix it.

When I type /texis/open/failed-search, it works fine but when I leave the "texis" part out of the url, /open/failed-search -it displays all the code of my texis script. How do I stop that from happening?
Last edited by gerry.odea on Mon Oct 03, 2022 4:54 pm, edited 1 time in total.
User avatar
John
Site Admin
Posts: 2592
Joined: Mon Apr 24, 2000 3:18 pm
Location: Cleveland, OH
Contact:

Re: security issue

Post by John »

There are two common approaches to that:

One is setting the script root separate from the document root, that way the scripts don't live inside the web tree, and aren't exposed that way.

The second is to name the scripts with the source extension, e.g. failed-search.vs and configure the web server to not serve .vs files.
John Turnbull
Thunderstone Software
Post Reply