Sebastian Mendel a écrit :
Hi,
what exactly is the problem with config.inc.php being world readable?
Everyone can see your user/password (when using "config" auth type).
issnt every file readable by the web server 'somehow' world readable?
Not on the servers I manage. The owner is each user, the group is "apache", and world cannot read. But on sf.net we can't do that because owner is each user, group is the project name.
and issnt it so if
/www is only user and group readable
that
/www/myweb/config.inc.php
is secure enough?
or is this just a sf.net specific problem, cause all webroots are world readable?
(btw. i am a little bit annoyed by the fact that i have now set my read only flag for config.inc.php after every change on it on my developer machine (Windows))
Hmmm ?