Can't read a session
#3

There is no reason to give write permission to /var/www/html/website and /var/www/html if only the writable and writable/session folders are to be written to.

IMHO, it is no longer even safe to store a session in a directory located in /var/www/html/*

This should either stay in the /tmp folder or allow the writable constant to be in a location that is completely inaccessible via the browser.

This goes completely against what the CIS Apache Benchmark Guidelines suggest.

https://www.tenable.com/audits/items/CIS...b02c050880

"Outside the Configured Web DocumentRoot - The directory should NOT be under the configured DocumentRoot directory as such directories are browsable by default, and might allow unintentional web read access. With web read access an attacker could upload malicious content, and then references the content in a URL exploiting the trust that users have in the website."
Reply
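A way to check the layout discussed in the post above, as an added example that is not part of the original thread: the script resolves symlinks, reports a session directory that lands inside the DocumentRoot, and flags loose permissions. The function names, the temporary demo tree and the two permission rules (DocumentRoot not world-writable, session directory closed to "other") are assumptions of this example; it inspects the filesystem only and takes the DocumentRoot as an argument rather than reading the Apache configuration.

```shell
#!/bin/sh
# Added example: audit a session directory against the DocumentRoot.

# canon DIR: print the physical (symlink-resolved) absolute path of a directory.
canon() { ( cd -P -- "$1" 2>/dev/null && pwd -P ); }

# is_under CHILD PARENT: 0 if CHILD is PARENT or below it, 1 if not, 2 on error.
is_under() {
    child=$(canon "$1") || return 2
    parent=$(canon "$2") || return 2
    # Compare with a trailing slash so /var/www/html2 is not taken for /var/www/html.
    case "${child%/}/" in
        "${parent%/}"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_session_dir DOCROOT SESSDIR: print findings, return their count (99 = bad input).
audit_session_dir() {
    docroot=$1; sess=$2; findings=0
    [ -d "$docroot" ] && [ -d "$sess" ] || { echo "ERROR: not a directory"; return 99; }
    if is_under "$sess" "$docroot"; then
        echo "FAIL: $sess resolves inside DocumentRoot $docroot"
        findings=$((findings + 1))
    fi
    # In the ls -l mode string, characters 8-10 are the bits for "other".
    case $(ls -ldL -- "$docroot" | cut -c1-10) in
        ????????w?) echo "FAIL: $docroot is world-writable"; findings=$((findings + 1)) ;;
    esac
    case $(ls -ldL -- "$sess" | cut -c1-10) in
        ???????---) ;;
        *) echo "FAIL: $sess is accessible to other local users"; findings=$((findings + 1)) ;;
    esac
    [ "$findings" -eq 0 ] && echo "OK: $sess"
    return "$findings"
}

# Constructed demo tree (temporary directories, not paths from a real server).
demo=$(mktemp -d)
mkdir -p "$demo/html/writable/session" "$demo/sessions"
chmod 755 "$demo/html"; chmod 700 "$demo/html/writable/session" "$demo/sessions"
audit_session_dir "$demo/html" "$demo/html/writable/session" || :
audit_session_dir "$demo/html" "$demo/sessions" || :
rm -rf "$demo"
```

On a real host, pass the DocumentRoot from the virtual host configuration and the directory PHP actually writes sessions to.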

