Skip to content
Grav 2.0 is officially stable. Read the announcement →

Community guidelines

Please keep discussions civil and on-topic. Repeated violations may lead to a temporary ban.

Log in Register
Support

How to hide configuration files

first-time

Started by Diego Cabral 4 years ago · 0 replies · 325 views
4 years ago

Hello!

I have inherited a Grav project.
Many files under the /user/config folder (security.yaml, for example) and the /user/accounts.yaml folder are public. That is, any user that knows the right path can access these files on our production server.

Is this expected behaviour? Or did the previous admin make a mistake during configuration?
If this isn't expected, how can I make these pages "private"? I don't think they should be exposed publicly.

Suggested topics

Topic Participants Replies Views Activity
Multisite in subdirectory
Support · by Thomas, 1 week ago
2 57 15 hours ago
How to listen for GET requests instead of POST requests?
Support · by Anna, 3 days ago
2 65 18 hours ago
Twig not processing in 2.0.0
Support · by Justin Young, 18 hours ago
1 33 18 hours ago
Form: GRAV.Yes translation key
Support · by Duc , 1 week ago
2 68 5 days ago
Installing Grav on Windows 11
Support · by Colin Hume, 1 week ago
2 60 6 days ago