Security: Can my conf.inc.php be viewed?
-
Hoskissonite
- Posts: 7
- Joined: Thu 7. Feb 2008, 16:55
Security: Can my conf.inc.php be viewed?
When I view the conf.inc.php for phpwCMS, it lists my SQL user details, as well as the admin login name and password (albeit in encrypted format). I was wondering, if someone'd know the URl to the conf.inc.php file, could they view it, too?
Re: Security: Can my conf.inc.php be viewed?
Did you try to view it yourself already?
It's mostly all about maintaining two or three customer's sites Still supporter for the band Mykket Morton. Visit Mykket Morton on FB. Listen Mykket Morton and live videos on youtube.
Now building a venue for young artists to get wet on stage, rehearsal rooms, a studio, a guitar shop - yes I'm going to build some guitars.
Now building a venue for young artists to get wet on stage, rehearsal rooms, a studio, a guitar shop - yes I'm going to build some guitars.
Re: Security: Can my conf.inc.php be viewed?
I tryed it on my localhost and on the web. All i can see is a blank site.
mfg
flopi
mfg
flopi
(\_/)
(0.o)
(> <)
Das ist Bunny. Kopiere Bunny in deine Signatur, um ihm auf seinem Weg zur Weltherrschaft zu helfen!
(0.o)
(> <)
Das ist Bunny. Kopiere Bunny in deine Signatur, um ihm auf seinem Weg zur Weltherrschaft zu helfen!
-
Hoskissonite
- Posts: 7
- Joined: Thu 7. Feb 2008, 16:55
Re: Security: Can my conf.inc.php be viewed?
Okay, so did I. Still, though, the config file listing is visible by just going to http://www.mysite.com/phpwcms/config. Any ideas on how I can turn it off?
-
Oliver Georgi
- Site Admin
- Posts: 9906
- Joined: Fri 3. Oct 2003, 22:22
- Contact:
Re: Security: Can my conf.inc.php be viewed?
conf.inc.php does not produce any output - so there is no way to get your private data displayed as long as the webserver is responsible loading the file. Another situation would be if any script could access the file in different way. But this is a general security issue - for every script.
Oliver
Oliver