[wp-trac] Re: [WordPress Trac] #7545: gears-manifest.php shouldn't
be public accessible.
WordPress Trac
wp-trac at lists.automattic.com
Tue Aug 19 18:58:43 GMT 2008
#7545: gears-manifest.php shouldn't be public accessible.
----------------------------+-----------------------------------------------
Reporter: g30rg3x | Owner: anonymous
Type: defect | Status: closed
Priority: lowest | Milestone:
Component: Administration | Version: 2.7
Severity: trivial | Resolution: wontfix
Keywords: |
----------------------------+-----------------------------------------------
Changes (by azaozz):
* status: new => closed
* resolution: => wontfix
* milestone: 2.7 =>
Comment:
Currently Gears captures only public files that are also available in the
installation package (try accessing directly any file listed in the
manifest). There is no private or personal information captured.
If you want to prevent public access to all of these files, best would be
to set simple server authentication for both wp-admin and wp-includes
directories, although that may break some functionality/plugins. Trying to
just hide the WordPress version serves no purpose, as it can be guessed
quite easily in many different ways by looking at the above files.
I think the replies by Otto42, pishmishy and foolswisdom to the previous
ticket apply here too.
--
Ticket URL: <http://trac.wordpress.org/ticket/7545#comment:1>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list