Vendor directory security check: Difference between revisions
From MoodleDocs
David Mudrak (talk | contribs) (Initial version of the page, with the info simply copied from Moodle) |
Helen Foster (talk | contribs) m (Tsala moved page report/security/report security check vendordir to Vendor directory security check) |
||
(3 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
{{Security overview report}} | |||
'''The vendor directory should not be present on public sites.''' | '''The vendor directory should not be present on public sites.''' | ||
The vendor | The directory <tt>vendor</tt> inside the Moodle dirroot contains various third-party libraries and their dependencies, typically installed by the PHP Composer. It may be needed for local development, such as for installing the PHPUnit framework. But it can also contain potentially dangerous code exposing your site to remote attacks. | ||
It is strongly recommended to remove the directory if the site is available via a public URL, or at least prohibit web access to it. | It is strongly recommended to remove the directory if the site is available via a public URL, or at least prohibit web access to it. | ||
[[es:report/security/report security check vendordir]] |
Latest revision as of 07:32, 19 September 2017
The vendor directory should not be present on public sites.
The directory vendor inside the Moodle dirroot contains various third-party libraries and their dependencies, typically installed by the PHP Composer. It may be needed for local development, such as for installing the PHPUnit framework. But it can also contain potentially dangerous code exposing your site to remote attacks.
It is strongly recommended to remove the directory if the site is available via a public URL, or at least prohibit web access to it.