How to secure Modules?

Nov 18, 2010 at 3:51 AM

I am looking for advice on how to secure modules package.

AFAIK, All modules are stored in /OrchardLocal/Modules now if attacker know we are power by Orchard they could navigate to the path (/Modules) and all the modules will list out they can navigate into /bin of each module who know what next?

So back to the question? What is the best practise to secure modules?

Coordinator
Nov 18, 2010 at 3:52 AM

No they couldn't. Try it.

Nov 18, 2010 at 3:58 AM

I build and run via ASP.NET Development Server may be that why I can surf to http://localhost:30320/OrchardLocal/Modules/ and see all contents.

Coordinator
Nov 18, 2010 at 4:17 AM

That is because your development server is configured to show lists of files when you navigate to a folder name. Try it on IIS or on a hoster's server. No production server is configured like that by default. You would have to go out of your way and grossly misconfigure it to get the same result.

Coordinator
Nov 18, 2010 at 4:18 AM

Also, the dev server canb't be accessed from any machine but your own.