Accessibility of the Directories /tmp and /media

The two directories „/tmp“ and „/media“ in the Portalsuite subdirectory are accessible via the Portalsuite 2002-domain / IP if someone knows these directory names. Although this is normally merely about graphic files of the media archive, this circumstance represents a security relevant gap.

Solution: The directories „/tmp“ and „/media“ are switched into a section of the hard disk, which is located outside of the Portalsuite directory and its upper parent directories are not accessible per web browser via the web server anymore.

Therefore the Portalsuite 2002 still can access the data and directories, you have to give the Portalsuite the absolute (complete) directory path. Thereto call the „global variables editor“ in the Reseller Center and alter the two variables „MediaPath“ and „TmpPath“ correspondingly.