Hi,
what exactly is the problem with config.inc.php being world readable?
isn't every file readable by the web server 'somehow' world readable?
and isn't it so if
/www is only user and group readable
that
/www/myweb/config.inc.php
is secure enough?
or is this just a sf.net specific problem, cause all webroots are world readable?
(btw, I am a little bit annoyed by the fact that I have now set my read only flag for config.inc.php after every change on it on my developer machine (Windows))

Sebastian Mendel wrote:
> Hi,
> what exactly is the problem with config.inc.php being world readable?

Everyone can see your user/password (when using "config" auth type).

> isn't every file readable by the web server 'somehow' world readable?

Not on the servers I manage. The owner is each user, the group is "apache", and world cannot read. But on sf.net we can't do that because owner is each user, group is the project name.

> and isn't it so if
> /www is only user and group readable
> that
> /www/myweb/config.inc.php
> is secure enough?
> or is this just a sf.net specific problem, cause all webroots are world readable?
> (btw, I am a little bit annoyed by the fact that I have now set my read only flag for config.inc.php after every change on it on my developer machine (Windows))

Hmmm ?

Hi

On Thu, 15 Dec 2005 16:22:06 +0100 Sebastian Mendel lists@sebastianmendel.de wrote:
> what exactly is the problem with config.inc.php being world readable?
> isn't every file readable by the web server 'somehow' world readable?
> and isn't it so if
> /www is only user and group readable
> that
> /www/myweb/config.inc.php
> is secure enough?
> or is this just a sf.net specific problem, cause all webroots are world readable?
> (btw, I am a little bit annoyed by the fact that I have now set my read only flag for config.inc.php after every change on it on my developer machine (Windows))

You're probably talking about the check whether config.inc.php is world *writable*? That is a check I added to Config.class.php. I expected that stat would fail on Windows, but maybe it would be better to disable this check for Windows.
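
The directory question raised in this thread, as an added example (not part of any message and not phpMyAdmin's code): the function below reports which rights "other" effectively has on a file, checking the search bit on every ancestor directory before the file's own mode bits. It assumes plain POSIX mode bits with no ACLs; the names `world_rights` and `top` are hypothetical.

```python
import os
import stat
import sys


def world_rights(path, top="/"):
    """Return the rights ('r', 'w') that "other" effectively has on path.

    Judged from POSIX mode bits only (ACLs are ignored). Ancestors are
    checked from the file's directory up to and including `top`.
    Returns None on Windows, where st_mode does not reflect NTFS ACLs.
    """
    if os.name == "nt":
        return None  # mode bits are synthetic there; skip the check
    path = os.path.realpath(path)
    top = os.path.realpath(top)
    # "Other" can only reach the file if every ancestor directory grants
    # it the search (x) bit, e.g. a 0750 /www hides /www/myweb/config.inc.php
    # from other even when the file itself is 0644.
    parent = os.path.dirname(path)
    while True:
        if not os.stat(parent).st_mode & stat.S_IXOTH:
            return set()
        up = os.path.dirname(parent)
        if parent == top or up == parent:
            break
        parent = up
    mode = os.stat(path).st_mode
    rights = set()
    if mode & stat.S_IROTH:
        rights.add("r")  # credentials in the file are readable by anyone
    if mode & stat.S_IWOTH:
        rights.add("w")  # anyone could rewrite the configuration
    return rights


if __name__ == "__main__" and len(sys.argv) > 1:
    result = world_rights(sys.argv[1])
    if result is None:
        print("check skipped on Windows")
    else:
        print("other has:", "".join(sorted(result)) or "no access")
```

Group access is outside what this reports: on a host where the group is shared by several accounts, a file that is closed to "other" can still be readable through the group bits.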