BoiseFileTree

From Iseborn Wiki
Jump to: navigation, search

Please NOTE! The boiseFileTree module is still under construction, so I am just adding stuff here more or less randomly as I feel the need to document something.

Security statement

Installing this on your web site means that anyone that has access to it will be able to see the complete file system of your web site.

You might not consider this a problem, but you need to understand that this really is a potential security risk. One of the implicit safety guards of any web site is that people and bots on the internet do not actually know the name and location of the files on your site, and this makes it (at least a bit) harder for the bad guys out there to search for and exploit any potential weaknesses. Once they know exactly what you have, it is much easier to search for the potential holes in the security net.

This may not be a real problem for you, but you should consider the implications before installing boiseFileTree publicly.

I recommend that you either protect the script files with HTAccess authorization (or similar) so that you have control over which user that have access to them, or that you at least rename the scripts, giving them inconspicuous names, so that the not-so-good-natured minority of your visitors at least have to work a little to find them.

Installation

In boiseFileTreeConnector.php, the variable $demo_mode_on is assigned the value true. This means that, regardless of which directory that the script is asked to show, it will only show the directory where this script file is located. So you need to change the value to false to have any real use of the boiseFileTree.

If you rename...