|
Access to the config.php file???
I was just wondering, couldn't someone who knows how vb works just download the config.php file and get access to the mysql username and password? There's gotta be some way to protect this from happening. I was thinking I could just make the includes directory access restricted but then I would think that vb wouldn't be able to access the file :ermm: Am I missing something here :speechless:
|
Just put an .htaccess file in there basically password protecting that directory and you should be fine
|
No, you cannot just download it. Because it's a php file apache processes it and supplies you the output, not the source.
|
There have been a few reported cases of an Apache error in which case the php file gets downloaded (this happened to me once, too) so ever since then I've had htaccess set up on my /includes/ folder.
Really the AdminCP and ModCP are the only two folders that *should* have htaccess enabled on them. I currently use htaccess for the install, includes, and admincp folders. |
The only time a php file would get downloaded is in the event that the PHP libraries aren't working.
|
Quote:
I just tried to download the file and I save it to the desktop and it says downloading and then says its completed but then the file never appears.. Im assuming this is the security measure that is taken.. |
Ideally, what should the contents of that .htaccess be?
|
Quote:
But generally a username and an encrypted password for that particular directory your protecting http://www.www-ss.com/tutorials/htaccess/htaccess.htm |
Solid, thank you very much.
/me bookmarks that for coming over at work tomorrow. |
You're welcome (assuming that was directed towards me)
|
| All times are GMT. The time now is 05:11 PM. |
Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
| X vBulletin 3.8.12 by vBS Debug Information | |
|---|---|
|
|
 More Information |
|
|
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|