Revolution: Protect important directories (assets/connectors/core/manager)

Created on 14 Oct 2018  路  3Comments  路  Source: modxcms/revolution

Summary

Protect important directories from renaming or deletion from WITHIN the manager:

Important directories:

  • assets/
  • connectors/
  • core/
  • manager/

Observed behavior

Right click on any of these folders, rename or delete them and you are in trouble.
Could also reduce impact of malicious actions by people with low morals or a short temper.

Expected behavior

MODX should not allow these actions.

feature area-security
Source
picture pepebe
👍6

Most helpful comment

They might be renamed, but who does that from within the manager?

I guess it would be possible to look up the correct paths for these folders from within config.inc.php and then protect them from being deleted.

picture pepebe on 31 Jan 2019
👍4 🚀1

All 3 comments

I agree with the colleague about the protection of the following folders:

  • assets/
  • connectors/
  • core/

But the manager folder should be protected only from deletion. Many rename this folder to protect against hacking.

Ibochkarev picture Ibochkarev on 31 Jan 2019
👍1

@Ibochkarev The rest of the folders are also renamed often, so the comment to all folders is appropriate :)

Ruslan-Aleev picture Ruslan-Aleev on 31 Jan 2019

They might be renamed, but who does that from within the manager?

I guess it would be possible to look up the correct paths for these folders from within config.inc.php and then protect them from being deleted.

pepebe picture pepebe on 31 Jan 2019
👍4 🚀1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

gadgetto picture gadgetto  路  4Comments
Ruslan-Aleev picture Ruslan-Aleev  路  3Comments
netProphET picture netProphET  路  3Comments
alexsoin picture alexsoin  路  3Comments
winformatic picture winformatic  路  4Comments