So . . . for those people who think this is overkill . . . why don't you list the steps a novice Unix/Linux board owner should take to ensure that the config.php (containing the DB name, DB user name, Password) cannot be ripped by a hacker?
Or point to a post that details the nuts and bolts.
As for me, I keep all my sensitive stuff behind the scenes as a matter of course.
Most tools, like automated backup scripts for example, enable you to reference your settings away from the publicy accessible areas.
Who the heck knows when some warped genius will publish/sell techniques that invalidate access settings that we currently set up via chmod.
|