Lack of interest Add random hash to exported addon zips

nrep · Aug 28, 2018

If you export an addon, it generates a zip file with a directory and filename that could easily be guessed (or known). This means that if an addon was exported on a live site, it would be possible for someone else to download without permission. Perhaps a random hash could be appended to the filename, so that it can't be guessed and downloaded?

Snog · Aug 28, 2018

The folder where the zip file is generated can't be accessed directly to download the file.

If it can, then there is a problem with your server permissions and/or the .htaccess file for the src folder.

Snog · Aug 28, 2018

S Thomas said:
With the default configs from XF it is possible to access the _release folder, at least here on my test servers.

Just the opposite here. Can't access the _release folder.

S Thomas · Aug 28, 2018

Yea, realized that a server side htaccess overrides the rules.

nrep · Aug 28, 2018

Ah, I have an IIS server and only created the web.config for the root using these instructions (https://xenforo.com/xf2-docs/manual/options/#iis-7). I'll need to add rules for the src folder.

Lack of interest Add random hash to exported addon zips

nrep

Well-known member

Snog

Well-known member

Snog

Well-known member

S Thomas

Well-known member

nrep

Well-known member

Similar threads

We value your privacy