[Phpmyadmin-devel] Re: config.inc.php - world readable

Michal Čihař michal at cihar.com
Fri Dec 16 00:51:02 CET 2005


On Thu, 15 Dec 2005 16:22:06 +0100
Sebastian Mendel <lists at sebastianmendel.de> wrote:

> what exactly is the problem with config.inc.php being world readable?
> issnt every file readable by the web server 'somehow' world readable?
> and issnt it so if
>    /www is only user and group readable
> that
>    /www/myweb/config.inc.php
> is secure enough?
> or is this just a sf.net specific problem, cause all webroots are world 
> readable?
> (btw. i am a little bit annoyed by the fact that i have now set my read 
> only flag for config.inc.php after every change on it on my developer 
> machine (Windows))

You're probably talking about check whether config.inc.php is world
*writable*? That is check I added to Config.class.php. I expected
that stat will fail on Windows, but maybe it would be better to disable
this check for Windows.

	Michal Čihař | http://cihar.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.phpmyadmin.net/pipermail/developers/attachments/20051216/8c77c1b2/attachment.sig>

More information about the Developers mailing list