Page 1 of 1

why error log placed inside the htdocs folder

Posted: Sat Feb 04, 2017 10:58 am
by lennyli
I'm taking over admin of an opencart installation.
I'm quite shocked to see the error log being placed inside the html document root at the path
system/logs/error.txt

This information is supposed to be confidential to the administrator. Is it by default the apache/opencart get installed this way? Could hackers modify this file and execute some damaging instructions as I see the file is rwxrwxrwx .

Re: why error log placed inside the htdocs folder

Posted: Sat Feb 04, 2017 1:00 pm
by IP_CAM
A well done OC has an EMPTY Error Log. Everything else would be highly unprofessional.
But you could keep the Directory, and/or the File extension from beeing called directly (.txt), by
use of .htaccess as well, by making it look like:

Code: Select all

# Prevent Direct Access to files
<FilesMatch "(?i)((\.xml|\.txt|\.tpl|\.ini|\.log|(?<!robots)\.txt))">
 Order deny,allow
 Deny from all
</FilesMatch> 
Ernie