16 Dec
2005
16 Dec
'05
3:51 a.m.
Hi
On Thu, 15 Dec 2005 16:22:06 +0100
Sebastian Mendel <lists(a)sebastianmendel.de> wrote:
what exactly is the problem with config.inc.php being
world readable?
issnt every file readable by the web server 'somehow' world readable?
and issnt it so if
/www is only user and group readable
that
/www/myweb/config.inc.php
is secure enough?
or is this just a sf.net specific problem, cause all webroots are world
readable?
(btw. i am a little bit annoyed by the fact that i have now set my read
only flag for config.inc.php after every change on it on my developer
machine (Windows))
You're probably talking about check whether config.inc.php is world
*writable*? That is check I added to Config.class.php. I expected
that stat will fail on Windows, but maybe it would be better to disable
this check for Windows.
--
Michal Čihař | http://cihar.com