In Install doc, it states that config.php should be changed to a read-only state (444) after installation.
On some shared servers, it is easily possible to browse other users home directories. It seems that by having config.php given read privileges for Group that this presents a security risk. Wouldn't it be more secure to set config.php to 400 or 404 rather than 444?
On the other hand, maybe I don't know what I'm talking about since permissions have always confused me.
Install doc and config.php permissions
Re: Install doc and config.php permissions
I would suggest that this isn't common practice and if your host doesn't provide a secure site for you and its other customers I would find another host.
I wouldn't want my hard work being ripped off by anyone unless I grant them access.
I wouldn't want my hard work being ripped off by anyone unless I grant them access.
Regards,
Sy
Sites built with CMSMS:
http://www.eska.co.uk, http://avasig.com, http://www.pygmygoats.co.uk, http://www.agsbuildersltd.com, http://onlineslotracing.com
Sy
Sites built with CMSMS:
http://www.eska.co.uk, http://avasig.com, http://www.pygmygoats.co.uk, http://www.agsbuildersltd.com, http://onlineslotracing.com
Re: Install doc and config.php permissions
Well you may be right but of what use is it to provide read access to Group anyway? Why would Group need access of any sort to the config.php file?
Re: Install doc and config.php permissions
I just checked my own site permissions and it also has group read permissions 644...although my host doesn't allow me to browse any other space other than my own.
Regards,
Sy
Sites built with CMSMS:
http://www.eska.co.uk, http://avasig.com, http://www.pygmygoats.co.uk, http://www.agsbuildersltd.com, http://onlineslotracing.com
Sy
Sites built with CMSMS:
http://www.eska.co.uk, http://avasig.com, http://www.pygmygoats.co.uk, http://www.agsbuildersltd.com, http://onlineslotracing.com
