The free forums are no longer in use. It remains available as read-only archive.
9:48 pm
September 1, 2013
Interesting, seems like having that folder is a large security risk. Especially because it needs such open permissions for XCloner to work.
I dont like the fact that if someone wanted to do something bad to my website, they could write a little script which watched that directory for activity then steal my database from that folder, as well as file listing. Which would probably include the location of my wp_config.php file.
Is there some way we can fix this? Or are my fears unwarranted?
12:46 pm
September 1, 2013
I dont want to be a pain in the ass, but it seems like having the htaccess rule should be something XCloner should do by default.
You cant guarentee that any given XCloner job will exit safely. Web servers vary dramatically, a web host could kill the cron job because of excessive processor utilization or memory usage. In that case, I have my database exposed possibly for days on end. Which is totally unacceptable in my opinion.
1 Guest(s)