htaccess security: preventing access to php backup files
|Reported by:||ncouture||Owned by:|
As the project ships its own htaccess file I believe it could be used to improve security of all elgg installations by preventing web client access to all potential php backup files.
Backup file creation is a default setting on many popular text editors, vim and emacs to name a few, will save backup files (eg: editing /engine/settings.php on the webserver will result in the creation of /engine/settings.php~).
This can be considered the administrator/developer/user's responsibility but I believe it's a trivial improvement that do not have "counter indications".