From: Oliver B. <ob...@de...> - 2005-02-28 07:41:26

Reini Urban <ru...@x-...> wrote:
> I assume that anybody has access to the ADMIN and DSN passwords
> by using the configurator url.
>
> How should that be solved? Kind'a bootstrapping problem.

Some thoughts:

1. Use a separate password file (or http auth) to hold (at least) the admin password.
2. If the password is set, make the configurator itself password protected. Then only the time between upload and first configuration is unsafe.
3. Old configuration (edit well commented php file) - my favourite solution.

Oliver