tonyair/silverstripe-installer
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-installer synced 2024-10-22 17:05:33 +02:00
Code Issues Projects Releases Wiki Activity

Prevent YAML access in IIS by default (fixes #8233)

Browse Source 
Since SS3 keeps values in configuration, direct access
to known paths might expose them
This commit is contained in:
Ingo Schommer 2013-02-17 21:04:58 +01:00
parent 494bfc7863
commit 98135df7d3
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
web.config
View File

@ -10,6 +10,7 @@
</hiddenSegments> </hiddenSegments>
<fileExtensions allowUnlisted="true" > <fileExtensions allowUnlisted="true" >
<add fileExtension=".ss" allowed="false"/> <add fileExtension=".ss" allowed="false"/>
<add fileExtension=".yml" allowed="false"/>
</fileExtensions> </fileExtensions>
</requestFiltering> </requestFiltering>
</security> </security>