[Phpmyadmin-devel] Re: config.inc.php - world readable
Michal Čihař
michal at cihar.com
Fri Dec 16 00:51:02 CET 2005
Hi
On Thu, 15 Dec 2005 16:22:06 +0100
Sebastian Mendel <lists at sebastianmendel.de> wrote:
> what exactly is the problem with config.inc.php being world readable?
>
> issnt every file readable by the web server 'somehow' world readable?
>
> and issnt it so if
>
> /www is only user and group readable
>
> that
>
> /www/myweb/config.inc.php
>
> is secure enough?
>
> or is this just a sf.net specific problem, cause all webroots are world
> readable?
>
>
> (btw. i am a little bit annoyed by the fact that i have now set my read
> only flag for config.inc.php after every change on it on my developer
> machine (Windows))
You're probably talking about check whether config.inc.php is world
*writable*? That is check I added to Config.class.php. I expected
that stat will fail on Windows, but maybe it would be better to disable
this check for Windows.
--
Michal Čihař | http://cihar.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.phpmyadmin.net/pipermail/developers/attachments/20051216/8c77c1b2/attachment.sig>
More information about the Developers
mailing list