Page 1 of 1
config.php
Posted: Thu Jul 16, 2009 11:02 am
by gap_tooth_clan
Just started thinking about site security, should config.php be in the root?
What are the correct permissions for config.php.
Re: config.php
Posted: Thu Jul 16, 2009 11:08 am
by Coldman
I've config.php in root and premissions 444
Never got any problems with that.
Re: config.php
Posted: Thu Jul 16, 2009 1:17 pm
by gap_tooth_clan
444 allows everyone to read, does that mean it could be accessed by a script from another url and output to the screen either using fopen or the file print to screen command that I cant think of.
Re: config.php
Posted: Thu Jul 16, 2009 3:15 pm
by Pierre M.
444 means everybody can read, including other users sharing the hosting reading your secret database credentials.
But good hosting providers use patches to compartmentalize their shared computers.
Hence only your hosting provider (its FAQ?) has the final anwser.
Pierre M.
Re: config.php
Posted: Thu Jul 16, 2009 3:50 pm
by cyberman
You can put config.php outside the (CMSms) root and include it from there
.
But it's easier to put something like this to your .htaccess file
Code: Select all
# Deny access to config.php
<Files "config.php">
order allow,deny
deny from all
</Files>
and nobody can read it.