[Phpmyadmin-devel] config.inc.php - world readable
Marc.Delisle at cegepsherbrooke.qc.ca
Thu Dec 15 07:45:05 CET 2005
Sebastian Mendel a écrit :
> what exactly is the problem with config.inc.php being world readable?
Everyone can see your user/password (when using "config" auth type).
> issnt every file readable by the web server 'somehow' world readable?
Not on the servers I manage. The owner is each user, the group is
"apache", and world cannot read. But on sf.net we can't do that because
owner is each user, group is the project name.
> and issnt it so if
> /www is only user and group readable
> is secure enough?
> or is this just a sf.net specific problem, cause all webroots are world
> (btw. i am a little bit annoyed by the fact that i have now set my read
> only flag for config.inc.php after every change on it on my developer
> machine (Windows))
More information about the Developers