Hi
On Thu, 15 Dec 2005 16:22:06 +0100 Sebastian Mendel lists@sebastianmendel.de wrote:
what exactly is the problem with config.inc.php being world readable?
issnt every file readable by the web server 'somehow' world readable?
and issnt it so if
/www is only user and group readable
that
/www/myweb/config.inc.php
is secure enough?
or is this just a sf.net specific problem, cause all webroots are world readable?
(btw. i am a little bit annoyed by the fact that i have now set my read only flag for config.inc.php after every change on it on my developer machine (Windows))
You're probably talking about check whether config.inc.php is world *writable*? That is check I added to Config.class.php. I expected that stat will fail on Windows, but maybe it would be better to disable this check for Windows.