The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
|
#1
01-18-2006, 07:41 AM
|
|||
|
|||
Access to the config.php file???
I was just wondering, couldn't someone who knows how vb works just download the config.php file and get access to the mysql username and password? There's gotta be some way to protect this from happening. I was thinking I could just make the includes directory access restricted but then I would think that vb wouldn't be able to access the file :ermm: Am I missing something here :speechless:
|
|
#4
01-19-2006, 03:13 AM
|
|||
|
|||
|
There have been a few reported cases of an Apache error in which case the php file gets downloaded (this happened to me once, too) so ever since then I've had htaccess set up on my /includes/ folder.
Really the AdminCP and ModCP are the only two folders that *should* have htaccess enabled on them. I currently use htaccess for the install, includes, and admincp folders.
|
|
#5
01-19-2006, 03:17 AM
|
|||
|
|||
|
The only time a php file would get downloaded is in the event that the PHP libraries aren't working.
|
|
#6
01-19-2006, 03:26 AM
|
|||
|
|||
|
Quote:
I just tried to download the file and I save it to the desktop and it says downloading and then says its completed but then the file never appears.. Im assuming this is the security measure that is taken..
|
|
#7
01-19-2006, 03:27 AM
|
|||
|
|||
|
Ideally, what should the contents of that .htaccess be?
|
|
#8
01-19-2006, 03:29 AM
|
||||
|
||||
|
Quote:
But generally a username and an encrypted password for that particular directory your protecting http://www.www-ss.com/tutorials/htaccess/htaccess.htm
|
|
#9
01-19-2006, 03:40 AM
|
|||
|
|||
|
Solid, thank you very much.
/me bookmarks that for coming over at work tomorrow.
|
 |
«
Previous Thread
|
Next Thread
»
Linear Mode
|
|
All times are GMT. The time now is 12:50 AM.