\item Folders, files, info over these data
\end{itemize}
-Our check reveals that the access control mechanisms are basically only a stub, and haven't been developed to their usually implied meaning, thus flattening the access control to the single aspect of being logged in or not. Hence, the main remaining security consideration deal with whether this login mechanism protects `back-end' objects from anonymous users.
+Our check reveals that the access control mechanisms are basically only a stub, and have not been developed to their usually implied meaning, thus flattening the access control to the single aspect of being logged in or not. Hence, the main remaining security consideration deal with whether this login mechanism protects `back-end' objects from anonymous users.
These are the results of our check:
\begin{result}
\begin{itemize}[leftmargin=*]
\item \code{.gitignore} is freely accessible, as well as any other dot-preceded file (except \code{.htaccess}, which is hidden by default Apache rules), as well as files such as \code{Thumbs.db} and \code{.DS\_Store}.
- \item Directory contents were listed in my simple setup. A global apache setting may disable by default, but the \code{.htaccess} file doesn't explicitly disable (with \code{Options -Indexes}), so that the \CMS{}'s code-base basically enables the listing by default.
+ \item Directory contents were listed in my simple setup. A global apache setting may disable by default, but the \code{.htaccess} file does not explicitly disable (with \code{Options -Indexes}), so that the \CMS{}'s code-base basically enables the listing by default.
\end{itemize}
\end{result}
This is described in more detail in item V2.6 on page~\pageref{auth:6}.
\end{result}
-\notapplicable{
+\notapplicable{%
\item
Verify that there is a centralized mechanism (including
libraries that call external authorization services) for
repositories / ssproject1617.git / blobdiff