From: Reini U. <ru...@x-...> - 2004-05-14 10:15:26
Jim Cheetham wrote:
> By default, the 1.3.10 config.ini is placed within the public webspace
> for the wiki.

Oops, please everybody copy lib/.htaccess to config/

$ cp lib/.htaccess config/

> This means that it can be retrieved by anyone asking for
> http://<wikiname>/config/config.ini
>
> I don't feel very comfortable about allowing that file to be returned by
> the web server, so I moved mine outside the DocumentRoot for my site,
> and amended the wiki index.php :-
>
> #IniConfig(dirname(__FILE__)."/config/config.ini");
> IniConfig("/var/www/docs/<site>/wiki-config.ini");

Matthew Palmer's suggestion (the Debian maintainer) to put it into
/etc/phpwiki/config.ini is also fine, provided that the apache user has
read permissions.

> Now, I expect that as PHP has to read this file, Apache can access it
> too, but because it's not within the DocumentRoot (in my case
> /var/www/docs/<site>/www) it is protected well-enough.
>
> The most sensitive piece of data in there would be the dsn password,
> which should have been locked down to the webhost only anyway, but that
> won't protect against users who share a common machine with others.

--
Reini Urban
http://xarch.tu-graz.ac.at/home/rurban/
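A check for the three conditions discussed in this thread (config.ini inside the DocumentRoot, protection that depends on an .htaccess file, and readability by other local users), as an added example that is not part of the original messages or of PhpWiki. The function names, finding labels and the temporary directory layout are assumptions made for illustration.

```python
import os
import stat
import tempfile


def audit_config(config_path, docroot):
    """Return findings for a config file relative to a web server DocumentRoot."""
    findings = []
    cfg = os.path.realpath(config_path)   # resolve symlinks before comparing
    root = os.path.realpath(docroot)
    if os.path.commonpath([cfg, root]) == root:
        # Inside the web root the file is only shielded by an .htaccess in its
        # directory. Presence only is checked here, not its contents or
        # whether the server honours it (AllowOverride).
        if os.path.isfile(os.path.join(os.path.dirname(cfg), ".htaccess")):
            findings.append("in-docroot-relies-on-htaccess")
        else:
            findings.append("in-docroot-no-htaccess")
    # Shared-host concern: other local accounts can read the DSN password.
    if stat.S_IMODE(os.stat(cfg).st_mode) & stat.S_IROTH:
        findings.append("world-readable")
    return findings


def demo():
    """Audit a constructed layout: <site>/www is the DocumentRoot."""
    with tempfile.TemporaryDirectory() as site:
        docroot = os.path.join(site, "www")
        cfgdir = os.path.join(docroot, "config")
        os.makedirs(cfgdir)
        default = os.path.join(cfgdir, "config.ini")      # default placement
        moved = os.path.join(site, "wiki-config.ini")     # outside DocumentRoot
        for path in (default, moved):
            with open(path, "w") as fh:
                fh.write("; constructed sample, no real settings\n")
            os.chmod(path, 0o644)
        results = {"default": audit_config(default, docroot)}
        # Constructed stand-in for the copied lib/.htaccess.
        open(os.path.join(cfgdir, ".htaccess"), "w").close()
        results["htaccess"] = audit_config(default, docroot)
        results["moved"] = audit_config(moved, docroot)
        os.chmod(moved, 0o640)   # owner and web server group only
        results["moved_0640"] = audit_config(moved, docroot)
        return results


if __name__ == "__main__":
    for name, found in demo().items():
        print(name, found)
```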