Hey MJ, I didn't realize that you were still in the Koha world. Nice to hear from you.
I meant that Apache shouldn't serve the template files because doing so is not useful and - as far as I know - it is unintended. I think having unintended consequences is something to be avoided, even if the consequence is not a security risk (this time). As you note though, my real motivation is better/easier management of static assets. (With a longer view to what is described here for separately deploying static assets: https://docs.djangoproject.com/en/dev/howto/static-files/deployment/) Lately, I've been thinking how Koha owes some success from being geared towards very simple deployments (achieved by just following the instructions on the wiki), but how it should be friendly to more complex and modern deployments too. David Cook Software Engineer Prosentient Systems 72/330 Wattle St Ultimo, NSW 2007 Australia Office: 02 9212 0899 Online: 02 8005 0595 -----Original Message----- From: Koha-devel <koha-devel-boun...@lists.koha-community.org> On Behalf Of MJ Ray Sent: Monday, 17 August 2020 11:16 PM To: koha-devel@lists.koha-community.org Subject: Re: [Koha-devel] Move .tt files out of "htdocs" and into separate "tt" or "templates" directory On Wed, 5 Aug 2020 17:28:47 +1000 <dc...@prosentient.com.au> wrote: > We should move all the .tt files out of the > /usr/share/koha/intranet/htdocs and /usr/share/koha/opac/htdocs > directories and put them somewhere private like /usr/share/koha/tt or > /usr/share/koha/templates. > > At the moment, Apache is serving these files to anyone who asks for > them, and it really shouldn't. Why shouldn't it? Do they contain anything sensitive that people couldn't discover by looking in the koha sources? > Having these files in the "htdocs" directories also makes it harder to > manage actual static assets that are served to Koha users. That seems like a far stronger reason not to do it. > I've opened a Bugzilla report for it: > https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26140 Cool. Thanks. Regards, -- MJR http://mjr.towers.org.uk/ Member of http://www.software.coop/ (but this email is my personal view only) _______________________________________________ Koha-devel mailing list Koha-devel@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
signature.asc
Description: PGP signature
_______________________________________________ Koha-devel mailing list Koha-devel@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
