Security Advice

Templates, scripts for templates, scripts and requests for templates.

Moderators: Developers, Moderators

Post Reply
jack_666
Posts: 3
Joined: Wed Feb 11, 2004 11:42 am

Security Advice

Post by jack_666 »

Hi I'm a new user of Cacti and off course it's great ! :lol:

But I've noticed that you can skip the login page if you put graph_view.php?action=list

An example: Click Here

My solution in my site is adding a ".htaccess" and now it's ok

:wink:


I know is something newbie my comment but is to give a hand to thoseones that don't notice this.. :lol:

Byes
moonman
Cacti User
Posts: 101
Joined: Sat Sep 06, 2003 10:25 am

Post by moonman »

i think is because guest account is active disable it and it will be ok


btw why you are with older version
drope
Posts: 7
Joined: Wed Nov 24, 2004 9:46 am

Post by drope »

look at what just a google search can do : http://www.google.com/search?num=100&hl ... tnG=Search :o
excuse my so bad english writing...(speaking is worse !)
User avatar
rony
Developer/Forum Admin
Posts: 6022
Joined: Mon Nov 17, 2003 6:35 pm
Location: Michigan, USA
Contact:

Post by rony »

All I can say to that google search is, robot.txt is your friend. :)

It maybe a good idea for cacti to start including a robot.txt file so search engines do not cache the information located in the cacti directories.

Btw, if the guest account is defined in the settings, then going to graph_view.php without login is a normal behavor.
[size=117][i][b]Tony Roman[/b][/i][/size]
[size=84][i]Experience is what causes a person to make new mistakes instead of old ones.[/i][/size]
[size=84][i]There are only 3 way to complete a project: Good, Fast or Cheap, pick two.[/i][/size]
[size=84][i]With age comes wisdom, what you choose to do with it determines whether or not you are wise.[/i][/size]
drope
Posts: 7
Joined: Wed Nov 24, 2004 9:46 am

Post by drope »

I prefer use a .htaccess, more powerful ;)
excuse my so bad english writing...(speaking is worse !)
Post Reply

Who is online

Users browsing this forum: No registered users and 4 guests