Page 1 of 1

security issue

Posted: Mon Oct 03, 2022 4:00 pm
by gerry.odea
I have a security problem and I don't know how to fix it.

When I type /texis/open/failed-search, it works fine but when I leave the "texis" part out of the url, /open/failed-search -it displays all the code of my texis script. How do I stop that from happening?

Re: security issue

Posted: Mon Oct 03, 2022 4:30 pm
by John
There are two common approaches to that:

One is setting the script root separate from the document root, that way the scripts don't live inside the web tree, and aren't exposed that way.

The second is to name the scripts with the source extension, e.g. failed-search.vs and configure the web server to not serve .vs files.