15 Dec
2005
15 Dec
'05
5:11 a.m.
Hi,
what exactly is the problem with config.inc.php being world readable?
issnt every file readable by the web server 'somehow' world readable?
and issnt it so if
/www is only user and group readable
that
/www/myweb/config.inc.php
is secure enough?
or is this just a sf.net specific problem, cause all webroots are world
readable?
(btw. i am a little bit annoyed by the fact that i have now set my read
only flag for config.inc.php after every change on it on my developer
machine (Windows))
--
Sebastian Mendel
www.sebastianmendel.de
www.sf.net/projects/phpdatetime | www.sf.net/projects/phptimesheet
15 Dec
15 Dec
5:45 a.m.
Sebastian Mendel a écrit :
Hi,
what exactly is the problem with config.inc.php being world readable?
Everyone can see your user/password (when using "config" auth type).
issnt every file readable by the web server 'somehow' world readable?
Not on the servers I manage. The owner is each user, the group is
"apache", and world cannot read. But on sf.net we can't do that because
owner is each user, group is the project name.
and issnt it so if
/www is only user and group readable
that
/www/myweb/config.inc.php
is secure enough?
or is this just a sf.net specific problem, cause all webroots are world
readable?
(btw. i am a little bit annoyed by the fact that i have now set my read
only flag for config.inc.php after every change on it on my developer
machine (Windows))
Hmmm ?
10:51 p.m.
New subject: [Phpmyadmin-devel] Re: config.inc.php - world readable
Hi
On Thu, 15 Dec 2005 16:22:06 +0100
Sebastian Mendel <lists(a)sebastianmendel.de> wrote:
what exactly is the problem with config.inc.php being
world readable?
issnt every file readable by the web server 'somehow' world readable?
and issnt it so if
/www is only user and group readable
that
/www/myweb/config.inc.php
is secure enough?
or is this just a sf.net specific problem, cause all webroots are world
readable?
(btw. i am a little bit annoyed by the fact that i have now set my read
only flag for config.inc.php after every change on it on my developer
machine (Windows))
You're probably talking about check whether config.inc.php is world
*writable*? That is check I added to Config.class.php. I expected
that stat will fail on Windows, but maybe it would be better to disable
this check for Windows.
--
Michal Čihař | http://cihar.com
6840
days inactive
6841
days old
2 comments
3 participants
participants (3)
-
Marc Delisle -
Michal Čihař -
Sebastian Mendel