29,047
edits
Changes
m
→File:art.png Security Features
Line 87:
Line 87:
*Dolibarr directories content can't be accessed even if Apache option Indexes has been forgotten to on (should not) <sup>[*3]</sup>.
*Pages and contents are protected by centralized entry code to check permissions (granted on groups or users for each functional module) <sup>[*4]</sup> <sup>[*10]</sup>.
*Pages and contents are protected by centralized entry code to check permissions (granted on groups or users for each functional module) <sup>[*4]</sup> <sup>[*10]</sup>.
*Files saved by Dolibarr are stored in a different root directory than web application (so they can't be downloaded without passing by the Dolibarr wrapper) <sup>[*3]</sup> <sup>[*10]</sup>. Note: You must check that you did not choose the "'''document'''" directory (for upload files) to be in same directory neither in a sub-directory than the "'''htdocs'''" directory. You web virtual host must point to the htdocs directory only (and this directoy can/should be in read only mode). So any uploaded file (stored into the document directory) can't be download without using the wrapper page.
*Files saved by Dolibarr are stored in a different root directory than web application (so they can't be downloaded without passing by the Dolibarr wrapper) <sup>[*3]</sup> <sup>[*10]</sup>. Note: You must check that you did not choose the "'''document'''" directory (for upload files) to be in same directory neither in a sub-directory than the "'''htdocs'''" directory. You web virtual host must point to the htdocs directory only (and this directoy can/should be in read only mode). So any uploaded file (stored into the document directory) can't be download without using the wrapper page.
−