Message boards : Documentation : Bold red .htaccess warning required for admins
Joined: 27 Jun 06, Posts: 305
Protect your admin stuff with .htaccess. I just found the third unprotected project management environment :-/ I'm just curious, not destructive, but others might find that stuff too. Even if it is only a test environment, it might reveal some private information and project settings.

p.s.: Maybe the PHP should even enforce this protection and exit immediately if it is missing, so the admins have to install it before they can do anything with their scripts. If an admin doesn't like that, he can still remove the protective lines from the PHP.
Joined: 27 Jun 06, Posts: 305
```php
<?php
// Refuse to run unless the web server authenticated the request
// (REMOTE_USER and AUTH_TYPE set) and a .htaccess file is present.
if (empty($_SERVER["REMOTE_USER"]) || empty($_SERVER["AUTH_TYPE"]) || !file_exists(".htaccess")) {
    die("Fix that authentication stuff before you dare to come back");
}
```
Joined: 19 Jan 07, Posts: 1179
And that's misleading too. .htaccess is an inefficient way to change configuration if you have access to the main Apache config file.
Joined: 27 Jun 06, Posts: 305
> And that's misleading too. .htaccess is an inefficient way to change configuration if you have access to the main Apache config file.

Any kind of protection will do (the snippet doesn't check for "Basic"), and .htaccess should exist anyway, be it only to set CheckSpelling Off and Options -Indexes. It's just to make the admin really be aware of the necessity for protection.
Joined: 19 Jan 07, Posts: 1179
> and .htaccess should exist anyway, be it only to set CheckSpelling Off and Options -Indexes

CheckSpelling and Options should be in the main config as well. .htaccess is only useful for shared host admins to let users change some configuration where they don't have access to the main configuration file. In all other cases, it's a good idea to set AllowOverride None so that Apache doesn't even check for the existence of a .htaccess file, making it faster (no need to search and read the file on each request).
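What the post above amounts to, written out as an added example (it is not configuration from this thread or from the BOINC project): the admin directory is protected from the main Apache configuration, with AllowOverride None so no .htaccess file is ever looked up. The directory path, realm name and password file location are placeholders.

```apache
# Added example: protect the project's admin scripts from the main
# Apache configuration rather than from a .htaccess file.
# "/path/to/project/..." values are placeholders for the real paths.
<Directory "/path/to/project/html/ops">
    # Apache will not look for .htaccess anywhere under this directory:
    # one file lookup less per request, and no stray file can loosen
    # the settings below.
    AllowOverride None

    # Web server authentication; the PHP scripts see the result in
    # $_SERVER["REMOTE_USER"] and $_SERVER["AUTH_TYPE"].
    AuthType Basic
    AuthName "Project administration"
    # Password file created with htpasswd(1), kept outside the web root.
    AuthUserFile "/path/to/project/.htpasswd"
    Require valid-user

    # The two settings mentioned in the thread belong here as well.
    # CheckSpelling needs mod_speling loaded; drop the line otherwise.
    Options -Indexes
    CheckSpelling Off
</Directory>
```

Basic authentication sends the credentials with every request, so the admin directory should only be reachable over HTTPS. After a reload, confirm the protection from outside with an unauthenticated request to the directory and check that the server answers 401, not 200.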
Joined: 27 Jun 06, Posts: 305
> ... .htaccess is only useful for shared host admins ...

Well, that was the part I copied from the existing management scripts, so if you want to kick someone, kick the BOINC developers *g. Leave out the .htaccess check, test only the two $_SERVER elements and change the text, but the reaction should be a bold red die(), not just a thin red echo().
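The guard the thread converges on, as an added example that is neither the snippet posted above nor BOINC's own code: it tests only the two $_SERVER elements, drops the file_exists(".htaccess") test, and refuses with a bold red die() and a 403. The function names are this example's own; the check is factored so it can be exercised with any array, not just $_SERVER.

```php
<?php
// Added example, not code from this thread or from BOINC: an admin-page
// guard along the lines the last post suggests. Only REMOTE_USER and
// AUTH_TYPE are tested, so any authentication type the web server
// performed is accepted; a missing .htaccess file is not an error.

/**
 * True when the web server has already authenticated this request.
 * $server is $_SERVER in production; passing it in keeps the check
 * testable without a web server.
 */
function admin_request_is_authenticated(array $server): bool
{
    return !empty($server['REMOTE_USER']) && !empty($server['AUTH_TYPE']);
}

/**
 * Stops the script with a 403 and a bold red message, so a missing
 * protection cannot be overlooked while a project is being set up.
 */
function refuse_unprotected_admin_page(): void
{
    http_response_code(403);
    header('Content-Type: text/html; charset=UTF-8');
    die('<p style="color:red; font-weight:bold">'
        . 'Admin scripts are not behind web server authentication. '
        . 'Configure authentication for this directory before using them.'
        . '</p>');
}

// Put this at the top of every admin script, for example via a shared
// include, so a script cannot be reached without going through it.
if (!admin_request_is_authenticated($_SERVER)) {
    refuse_unprotected_admin_page();
}
```

Two things to keep in mind. The guard is only a reminder: the real protection is the web server configuration, and a script that is never executed (a backup copy, a renamed file, a directory listing) is not covered by it. And the two variables are populated by Apache's own authentication; in CGI or FastCGI setups the names can arrive differently, so before relying on the guard, dump $_SERVER once from an authenticated request and confirm both keys are present.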
Copyright © 2024 University of California.
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License,
Version 1.2 or any later version published by the Free Software Foundation.