From: Jim C. <ji...@iN...> - 2004-05-14 03:53:58

By default, the 1.3.10 config.ini is placed within the public webspace for the wiki. This means that it can be retrieved by anyone asking for http://<wikiname>/config/config.ini

I don't feel very comfortable about allowing that file to be returned by the web server, so I moved mine outside the DocumentRoot for my site, and amended the wiki index.php :-

    #IniConfig(dirname(__FILE__)."/config/config.ini");
    IniConfig("/var/www/docs/<site>/wiki-config.ini");

Now, I expect that as PHP has to read this file, Apache can access it too, but because it's not within the DocumentRoot (in my case /var/www/docs/<site>/www) it is protected well-enough.

The most sensitive piece of data in there would be the dsn password, which should have been locked down to the webhost only anyway, but that won't protect against users who share a common machine with others.

-- 
-jim cheetham :: ji...@iN... :: m+64 21 177 8606
iNode :: effective computing in an interconnected world
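
A check for the two exposures raised in the message above (a config file reachable under the DocumentRoot, and one readable by other local users), as an added example that is not part of the original post or of the wiki's own code. The names `audit_config` and `demo` are hypothetical, and the site layout is constructed in a temporary directory.

```python
import os
import stat
import tempfile


def _inside(path, root):
    # commonpath compares whole components, so /srv/www-old is not inside /srv/www
    return os.path.commonpath([path, root]) == root


def audit_config(config_path, document_root):
    """Return findings for a config file holding secrets (e.g. a DSN password)."""
    findings = []
    lexical = (os.path.abspath(config_path), os.path.abspath(document_root))
    resolved = (os.path.realpath(config_path), os.path.realpath(document_root))
    # Check the path as written and with symlinks resolved: either one landing
    # under the DocumentRoot means the file may be served to a web client.
    if _inside(*lexical) or _inside(*resolved):
        findings.append("inside-docroot")
    mode = os.stat(config_path).st_mode
    if mode & stat.S_IROTH:
        # The shared-machine case: any local account can read the password.
        findings.append("world-readable")
    return findings


def demo():
    """Build a constructed site layout in a temp dir and audit both placements."""
    with tempfile.TemporaryDirectory() as site:
        docroot = os.path.join(site, "www")
        os.makedirs(os.path.join(docroot, "config"))
        default_cfg = os.path.join(docroot, "config", "config.ini")
        moved_cfg = os.path.join(site, "wiki-config.ini")
        for path, mode in ((default_cfg, 0o644), (moved_cfg, 0o640)):
            with open(path, "w") as fh:
                fh.write("; constructed sample, no real credentials\n")
            os.chmod(path, mode)
        return {
            "default": audit_config(default_cfg, docroot),
            "moved": audit_config(moved_cfg, docroot),
        }


if __name__ == "__main__":
    for layout, findings in demo().items():
        print(layout, findings or "ok")
```

Mode 0640 in the moved layout assumes the web server account reads the file through group membership.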