Hi,
There are some PHP files inside Scriptcase which can be accessed iwthout password, like info.php and diagnostics.php etc.
I think that when you keep scriptcase online is not wise at all that some people would access these files.
Have anyone applied a solution in order to block access to these sensible paths? Is there an article about this with a list of steps that must be done?
Hi Serj
do you have a link to a dignostic? without full url just the folder structure? i can test on my prod env.
some PHP settings affect direct access to the files.
also httaccess file allows to setup additional security.
It is in <your_ScriptCase_path>/diagnosis.php.
This is in Scriptcase env and not on the deployed apps. I would think it should not be in deployed appps…
I know that I can do it using htaccess, however I was wondering if there is a best practice for this, an article for recommended ssecurity setting for scriptcase and why not for deployed apps.