Thread: Cpanel Email per username -Simple extension
View Single Post
  #34  
Old 03-07-2006, 08:18 AM
Frugal Frugal is offline
 
Join Date: Nov 2001
Posts: 66
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Great hack, however I tend to agree about the security, whilst it is true that many cms and other scripts have config files in known locations most have the permissions set to be non world readable or have them located in a .htaccess protected directory. Likewise should they be compromised only your forum or cms gets compromised. If CPANEL gets compromised then you are in deep doodoo as you could get completely locked out of your own server. As such I would definately move the cp_email_config.php into a safe place, outside of your web site's document root or at least protect it with .htaccess.

Easiest way to make it secure is to create a .htaccess file with the following content and drop it in the same directory

<Files cp_email_config.php>
order deny,allow
deny from all
</Files>


This will prevent anyone reading or downloading the file even if PHP was to stop running and should make it about as secure as it can be without moving the config file outside of the document root. Lebanon, how about including a .htaccess in the package, that way it is tightly locked up by default.

I have attached a .htaccess file to this post, just remove the .txt extension and upload it to the same directory as your cp_email_config.php file.

Frugal
Attached Files
File Type: (21.4 KB, 14 views)
Reply With Quote
 
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01133 seconds
  • Memory Usage 1,780KB
  • Queries Executed 12 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD_SHOWPOST
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_box
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (1)postbit_attachment
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • reputationlevel
  • showthread
Included Files:
  • ./showpost.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showpost_start
  • bbcode_fetch_tags
  • bbcode_create
  • postbit_factory
  • showpost_post
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_attachment
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • showpost_complete