CiviCRM Community Forums (archive)

*

News:

Have a question about CiviCRM?
Get it answered quickly at the new
CiviCRM Stack Exchange Q+A site

This forum was archived on 25 November 2017. Learn more.
How to get involved.
What to do if you think you've found a bug.



  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Support »
  • Using CiviCRM »
  • Using CiviEvent (Moderator: Yashodha Chaku) »
  • Why does CiviEvent access /administrator/ in joomla? Have a .htaccess password
Pages: [1]

Author Topic: Why does CiviEvent access /administrator/ in joomla? Have a .htaccess password  (Read 403 times)

dwebb

  • I’m new here
  • *
  • Posts: 13
  • Karma: 0
  • CiviCRM version: 4.2
  • CMS version: Joomla 2.5.6
  • MySQL version: 5.5.22
  • PHP version: 5.3.10
Why does CiviEvent access /administrator/ in joomla? Have a .htaccess password
December 12, 2012, 10:16:50 pm
I have a .htaccess password protection around my /administrator/ directory as an extra added level of security so that people can't just scan the /administrator/ path looking for an exploitable Joomla component.

Why is CiviEvent trying to access that path for a public facing event?  The access_log shows it just requesting javascript files:

GET /administrator/components/com_civicrm/civicrm/js/jquery/jquery.crmeditable.js
GET /administrator/components/com_civicrm/civicrm/js/jquery/jquery.crmaccordions.js

Each time I hit "cancel" on the authentication box it moves on to another JS file.   Eventually, if I hit it about 20-30 times, it'll show me the event without all of the benefits of the javascript making it look nice.

Is there a reason this has to be in the administrative side of the component?


Donald Lobo

  • Administrator
  • I’m (like) Lobo ;)
  • *****
  • Posts: 15963
  • Karma: 470
    • CiviCRM site
  • CiviCRM version: 4.2+
  • CMS version: Drupal 7, Joomla 2.5+
  • MySQL version: 5.5.x
  • PHP version: 5.4.x
Re: Why does CiviEvent access /administrator/ in joomla? Have a .htaccess password
December 13, 2012, 09:46:33 am

Yes, since we are keeping all the code on the admin side only, and the frontend is a simple wrapper to code in the backend

You might want to tweak your .htaccess file to allow images and js files to be accessed via the web

lobo
A new CiviCRM Q&A resource needs YOUR help to get started. Visit our StackExchange proposed site, sign up and vote on 5 questions

Pages: [1]
  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Support »
  • Using CiviCRM »
  • Using CiviEvent (Moderator: Yashodha Chaku) »
  • Why does CiviEvent access /administrator/ in joomla? Have a .htaccess password

This forum was archived on 2017-11-26.