How to secure Modules?

Nov 18, 2010 at 2:51 AM

I am looking for advice on how to secure modules package.

AFAIK, All modules are stored in /OrchardLocal/Modules now if attacker know we are power by Orchard they could navigate to the path (/Modules) and all the modules will list out they can navigate into /bin of each module who know what next?

So back to the question? What is the best practise to secure modules?

Nov 18, 2010 at 2:52 AM

No they couldn't. Try it.

Nov 18, 2010 at 2:58 AM

I build and run via ASP.NET Development Server may be that why I can surf to http://localhost:30320/OrchardLocal/Modules/ and see all contents.

Nov 18, 2010 at 3:17 AM

That is because your development server is configured to show lists of files when you navigate to a folder name. Try it on IIS or on a hoster's server. No production server is configured like that by default. You would have to go out of your way and grossly misconfigure it to get the same result.

Nov 18, 2010 at 3:18 AM

Also, the dev server canb't be accessed from any machine but your own.