Posted on April 22, 2009 by .
TYPO3 lets you create export files. They are useful as a poor man's backup or when you want to move a TYPO3 instance to another server, and TYPO3 lets you configure which data to include in such an export. Usually these files are written to, or below, the fileadmin directory.
What's wrong with that?
These files may contain credentials (usernames and passwords of FE and BE users), and they are written below the DocumentRoot, where they are publicly reachable. Think of a directory index being enabled, or of an easy-to-guess filename such as backup.t3d!
With Apache as the web server it is easy to restrict access to such files. Simply put the following lines into the vhost configuration:
<FilesMatch "\.t3d$">
Order allow,deny
Deny from all
</FilesMatch>
Any further request for such a file will then be answered with a 403 Forbidden status.
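As an added audit helper (not part of the original post), the following POSIX shell script lists .t3d exports lying below a DocumentRoot and checks whether a given Apache config file denies access to them; it accepts both the "Deny from all" form shown above and the Apache 2.4 "Require all denied" form. The paths it takes are arguments, so nothing about your own server is assumed.

```shell
#!/bin/sh
# Added example: audit a TYPO3 DocumentRoot for exposed .t3d export files
# and verify that the Apache vhost config has a FilesMatch rule denying them.
set -u

# Print every .t3d export found below the DocumentRoot given as $1.
# Matching is case-insensitive so that Backup.T3D is reported as well.
find_exports() {
    find "$1" -type f -iname '*.t3d' 2>/dev/null | sort
}

# Exit 0 if the Apache config file $1 contains a FilesMatch block for .t3d
# files that denies access ("Deny from all" for 2.2, "Require all denied" for 2.4).
config_denies_t3d() {
    awk '
        tolower($0) ~ /<filesmatch[^>]*t3d/ { inblock = 1 }
        inblock && (tolower($0) ~ /deny from all/ || tolower($0) ~ /require all denied/) { found = 1 }
        tolower($0) ~ /<\/filesmatch>/ { inblock = 0 }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# Report on DocumentRoot $1 and config $2.
# Returns 0 when no export is exposed or the config denies them, 1 otherwise.
audit() {
    docroot=$1 conf=$2
    exports=$(find_exports "$docroot")
    if [ -z "$exports" ]; then
        echo "no .t3d exports below $docroot"
        return 0
    fi
    echo "exports below DocumentRoot:"
    echo "$exports"
    if config_denies_t3d "$conf"; then
        echo "ok: $conf denies access to .t3d files"
        return 0
    fi
    echo "WARNING: $conf has no FilesMatch rule denying .t3d files"
    return 1
}
```

Run it as "audit /var/www/typo3 /etc/apache2/sites-enabled/typo3.conf" (placeholder paths) and act on the WARNING line.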