Improve Vanilla Security by Default - Deny Viewing the Cache

mtschirs ✭✭✭

I would suggest making vulnerability discovery in Vanilla harder by removing web access to the cache directory (or relevant parts of it). E.g. http://vanillaforums.org/cache/p_core_library_map.ini

I suggest adding some rules to the .htaccess file that comes 'preinstalled' with Vanilla.
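
The kind of rule the post asks for, as an added example that is not part of the original post and not Vanilla's shipped configuration. It assumes Apache with `.htaccess` overrides enabled and that nothing under `cache/` has to be served directly to browsers.

```apache
# Option A: add to the .htaccess in the Vanilla root directory.
# Assumes mod_rewrite is available. In per-directory (.htaccess) context the
# pattern is matched against the path relative to this directory, so the rule
# also applies when the forum is installed in a subdirectory.
# Place it ahead of any other RewriteRule in the file.
<IfModule mod_rewrite.c>
    RewriteEngine On
    # Return 403 Forbidden for the cache directory and everything below it,
    # for example cache/p_core_library_map.ini
    RewriteRule ^cache(/|$) - [F,L]
</IfModule>

# Option B: put these lines in a separate file, cache/.htaccess, instead.
# This does not depend on mod_rewrite and covers both authorization syntaxes.
# Apache 2.4 and later (mod_authz_core):
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>
# Apache 2.2 and earlier (no mod_authz_core):
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
</IfModule>
```

Either option takes effect only if the server's `AllowOverride` setting permits the directives used (`FileInfo` for the rewrite rule, `AuthConfig` for `Require`, `Limit` for `Order`/`Deny`). After deploying, a request to your own installation's `cache/p_core_library_map.ini` should return 403.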


