Page 1 of 1
Security: Can my conf.inc.php be viewed?
Posted: Sun 10. Feb 2008, 23:20
by Hoskissonite
When I view the conf.inc.php for phpwCMS, it lists my SQL user details, as well as the admin login name and password (albeit in encrypted format). I was wondering, if someone'd know the URl to the conf.inc.php file, could they view it, too?
Re: Security: Can my conf.inc.php be viewed?
Posted: Sun 10. Feb 2008, 23:26
by update
Did you try to view it yourself already?
Re: Security: Can my conf.inc.php be viewed?
Posted: Mon 11. Feb 2008, 09:47
by flopi
I tryed it on my localhost and on the web. All i can see is a blank site.
mfg
flopi
Re: Security: Can my conf.inc.php be viewed?
Posted: Tue 1. Apr 2008, 23:48
by Hoskissonite
Okay, so did I. Still, though, the config file listing is visible by just going to
http://www.mysite.com/phpwcms/config. Any ideas on how I can turn it off?
Re: Security: Can my conf.inc.php be viewed?
Posted: Wed 2. Apr 2008, 00:01
by Jensensen
[x]
Re: Security: Can my conf.inc.php be viewed?
Posted: Fri 4. Apr 2008, 07:52
by Oliver Georgi
conf.inc.php does not produce any output - so there is no way to get your private data displayed as long as the webserver is responsible loading the file. Another situation would be if any script could access the file in different way. But this is a general security issue - for every script.
Oliver