SthephanShinkufag/atomboard

flatfile sec

Opened this issue · 1 comments

If you make a new .htaccess file and simply put the following in it:

RedirectMatch 404 .posts$

in Apache anyway, it makes it so no one can read the .posts db from a browser even if the .posts file is set to 777. Just thought maybe you would want to put the one-line .htaccess file in the flatfile db dir? Or maybe include the code in the readme to teach ppl how to make the .htaccess file and put it in the db dir?

Also, great job! You have the best ver of tinyib by far! Any chance to make a stylesheet dropdown so one can change the stylesheet? I am going to use your fork on my sites because it looks nice on mobile. It seems to run fine on latest versions of php.

Lastly, as the orig tinyib is for Apache and needs the .htaccess, I was wondering what you think about using nginx and php7.3-fpm instead of Apache. I figured to be safe maybe one should stick to Apache?

There was a warning in Readme.md:

Access to ./inc/flatfile/ should be denied.

But thanks for the advice, sorry to react so late.
As for Nginx, I'm not an expert at all in this, unfortunately.
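
On the nginx question raised in this thread: nginx does not read .htaccess files, so both the RedirectMatch rule and the README's requirement for ./inc/flatfile/ have to be restated in the server configuration. The following is an added example, not taken from the atomboard repository; the hostname, install path and PHP-FPM socket path are assumptions, and it covers only the access restrictions.

```nginx
# Added example; values marked "assumed" are not from the atomboard project.
server {
    listen 80;
    server_name board.example.org;        # assumed placeholder hostname
    root /var/www/atomboard;              # assumed install path
    index index.php;

    # Deny the whole flat-file directory, as Readme.md requires.
    # "^~" stops nginx from evaluating the regex locations below, so
    # nothing under this prefix is ever served or handed to PHP.
    location ^~ /inc/flatfile/ {
        return 404;
    }

    # Second layer: refuse any *.posts file wherever it ends up.
    # Same intent as "RedirectMatch 404 .posts$", with the dot escaped
    # so that it matches a literal "." only.
    location ~ \.posts$ {
        return 404;
    }

    # A leftover .htaccess has no effect under nginx; do not serve it either.
    location ~ /\.ht {
        deny all;
    }

    location ~ \.php$ {
        try_files $uri =404;              # do not pass nonexistent paths to PHP
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php7.3-fpm.sock;   # assumed socket path
    }
}
```

After reloading nginx, requesting a file under /inc/flatfile/ from a browser should return 404 regardless of the file's mode bits.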