Flarum default installation fault

You are here: Index > Softaculous Auto Installer > General Support > Topic : Flarum default installation fault

Threaded Mode | Print

Flarum default installation fault, Flarum works but security issues (2 Replies, Read 1144 times)

MrQew	# August 10, 2023, 4:35 pm
Group: Member Post Group: Newbie Posts: 2 Status:	Basic installer fails to put things in the right folder. Basic install will have a "public" folder inside the folder chosen for the install which is not correct. Per the installation instructions, "By default Flarum's directory structure includes a public directory which contains only publicly-accessible files. This is a security best-practice, ensuring that all sensitive source code files are completely inaccessible from the web root." copies from https://docs.flarum.org/install/ Meaning every install of Flarum on Softaculous is installed incorrectly with security issues since they put ALL the files in a publicly accessible folder. This seems like a very small configuration issue that should be rectified. Makes me worry how many installations Softaculous does that are insecure. I know there are "word-arounds" but they are terrible and insecure and simply fix the cosmetic issue of "/public" in all your forums links.
IP: --

Flarum default installation fault

MrQew	# August 10, 2023, 4:38 pm \| Post: 1
Group: Member Post Group: Newbie Posts: 2 Status:	Not sure if this will go anywhere, I just noticed your forum isn't even using your own logo, you're using the forum maker's logo. I will just assume everything out of Softaculous is insecure and will stop using this service. The amount of laziness found among all these installers is really shocking.
IP: --

Flarum default installation fault

Brijesh	# September 11, 2023, 12:47 pm \| Post: 2
Group: Softaculous Team Post Group: Super Member Posts: 5652 Status:	Hi, Sorry for the delay in response. In Shared Hosting panels they do not support changing the document root of the primary domain hence the above method described of pointing the domain to the public/ folder is not something Softaculous can do. Hence Softaculous unzips the files in document root BUT Softaculous does protect that directory using appropriate .htaccess rules so the files outside public/ folder when installed via Softaculous are not web accessible. Regarding the logo for the forum its not that we did not change the logo out of laziness but to give the forum developer the due attribute. I am not sure how that would lead to any security implications as you mentioned in your post. ----------------------- Webuzo - Multi User Hosting Control Panel AMPPS - Best WordPress/PHP/MySQL development tool
IP: --

« Previous Next »

Threaded Mode | Print

Jump To :

Users viewing this topic
	1 guests, 0 users.

All times are GMT. The time now is April 27, 2024, 5:12 pm.

Powered By AEF 1.0.8 © 2007-2008 Electron Inc.

Queries: 11 | Page Created In:0.044