I thought my eyes tell me lies when I saw a web.config file while browsing a directory with directoryBrowse set to true. Everyone could see there is a web.config file in this directory and also in any subdirectory where I had one and for which directory
browsing was enabled. Although people would see a 404 when trying to open that document I really don't like it there in the first place. I simply added the attribute hidden to the file which removed it from the file list when browsing to the URI. Why didn't
you make those web.config files hidden by default? Would be much nicer!
↧
Make web.config files hidden by default!!
↧