[Phpmyadmin-devel] config.inc.php - world readable
Marc Delisle
Marc.Delisle at cegepsherbrooke.qc.ca
Thu Dec 15 07:45:05 CET 2005
Sebastian Mendel a écrit :
> Hi,
>
> what exactly is the problem with config.inc.php being world readable?
Everyone can see your user/password (when using "config" auth type).
>
> issnt every file readable by the web server 'somehow' world readable?
>
Not on the servers I manage. The owner is each user, the group is
"apache", and world cannot read. But on sf.net we can't do that because
owner is each user, group is the project name.
> and issnt it so if
>
> /www is only user and group readable
>
> that
>
> /www/myweb/config.inc.php
>
> is secure enough?
>
> or is this just a sf.net specific problem, cause all webroots are world
> readable?
>
>
> (btw. i am a little bit annoyed by the fact that i have now set my read
> only flag for config.inc.php after every change on it on my developer
> machine (Windows))
>
Hmmm ?
More information about the Developers
mailing list