YaBBSE security level is very high!

[pablo]

I don't understand!

I've looked in SSI.php and it has the line

Code Select Expand

$full_yabbse_path = "/home/httpd/html/yabbinfo/www/community";
and this sure ain't the path that's being used in my BB.

I just don't get it. It is obviously not accessing any files on my BB, as a result, so why do I not get any errors and what is the purpose of this code? My BB is functioning just fine with this strange path.

Thx for help,
Paul.

[Jeff Lewis]

Because you won't see an error unless you use the SSI.php functions.  People need to modify that to get it to work...

[pablo]

OK, so...
1. Do I need to alter $full_yabbse_path ?
2. If yes, then what do I change it to? Same as $boarddir?
3. When would the SSI functions get used? Is this Secure socket stuff?

[Hypocrite]

SSI is a feature which lets you add stuff from another page to another page. Let's say you have a news table on one page and then you have about 200 pages, all of them would need this news page but it would be a real drag to edit all the 200 pages whenever you add news. With SSI.php you can make a .html file with the table and then attach it with SSI to all the pages. Now you only need to edit the news file and all the other pages will have the changes.

[David]

Could a .htaccess file be used to exclude Setting.php from http requests.  I know you can deny access to directories but can you do it to files?

[David]

To protect your Settings.php file create a .htaccess file in your board's directory.  The contents of this file should be,

Code Select Expand

<Files Settings.php>
order allow,deny
deny from all
</Files>
You must also make sure Apache is configured to allow the File directive in your board's directory.  To do this edit your httpd.conf file and in your main server configuration make sure the "AllowOveride" directive contains the "Limit" option.

[groundup]

if you don't have access to your conf files, just ask your host