Hello, I'm new, so I hope this is in the right place. I tried to create a new topic in the Help section but was not allowed to. I tried checking the 'Known Issues Pinned Thread' but it is not on the list of topic areas, or at least I can't find it. There doesn't seem to be a thread or section about the poor security of the files in the root folder. I have perhaps installed things wrongly but can't see where in the instructions the exact contents of the root folder are described. The instructions simply say to copy everything out of /usr/lib/owncloud and put it into /var/www/owncloud.
Having run the setup from the web interface and followed instructions to harden the installation by running the suggested script to change permissions, I am so worried about the poor security that I have uninstalled owncloud pending a resolution of these concerns.
My web root directory includes several files that seem very insecure to me. These include:
https://{my-website}/owncloud/db_structure.xml which lists the database structure out on the browser.
https://{my-website}/owncloud/status.php which lists out on the browser information about which version of the software is being used and other info about versions of files.
There are other PHP files that provide information directly to anyone navigating to the web site and typing in the filenames, without them having to go through the login interface first. This feels very insecure.
Has anyone come across this before? Is there a list of files that are essential so I can delete these ones, or maybe move them down out of the root directory so they can do their job but only from inside the authorised login web interface?
Many thanks.