Just started thinking about site security, should config.php be in the root?
What are the correct permissions for config.php.
config.php
Re: config.php
I've config.php in root and premissions 444
Never got any problems with that.
Never got any problems with that.
Important Code of Conduct
Why don't use CMSMS Docs or search?
Do you read Help?
Admin for Swedish Translations Team
Moderator Swedish Forum
After your problem is solved, push the green button
Why don't use CMSMS Docs or search?
Do you read Help?
Admin for Swedish Translations Team
Moderator Swedish Forum
After your problem is solved, push the green button
-
gap_tooth_clan
Re: config.php
444 allows everyone to read, does that mean it could be accessed by a script from another url and output to the screen either using fopen or the file print to screen command that I cant think of.
-
Pierre M.
Re: config.php
444 means everybody can read, including other users sharing the hosting reading your secret database credentials.
But good hosting providers use patches to compartmentalize their shared computers.
Hence only your hosting provider (its FAQ?) has the final anwser.
Pierre M.
But good hosting providers use patches to compartmentalize their shared computers.
Hence only your hosting provider (its FAQ?) has the final anwser.
Pierre M.
-
cyberman
Re: config.php
You can put config.php outside the (CMSms) root and include it from there 
.
But it's easier to put something like this to your .htaccess file
and nobody can read it.
.But it's easier to put something like this to your .htaccess file
Code: Select all
# Deny access to config.php
<Files "config.php">
order allow,deny
deny from all
</Files>