From: Arno H. <aho...@xm...> - 2001-02-08 08:31:18
> On machines where httpd runs as 'nobody' (or similar), admin.php must
> be world readable. This allows anyone with an account on the machine
> access to the username and password in admin.php (same problem for
> the sql password in config.inc).

Solution for admin.php: store an md5() hash and not the user and/or
password itself.

I can't think of a solution for config.php. This is actually much more
serious than the admin password.

Don't fix admin.php until you have found a fix for config.php -- gives a
false sense of security.

/Arno
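The two problems discussed in this thread, as an added example that is not code from the original message or from the project: a world-readable admin.php can hold an md5() hash instead of the password and still verify logins, while a config.inc that must hand the clear-text SQL password to the database cannot be protected by hashing at all, only by file permissions (owner plus the group httpd runs as, mode 0640). The file names, the sample credentials, the audit() helper and the demo() scenario are all assumptions made for illustration; md5 is used because that is what the message proposes, and current practice would be a salted, slow password hash (bcrypt, scrypt or Argon2) instead.

```python
"""Added example, not from the original thread.  Paths, credentials and
helper names are hypothetical; md5 follows the message, not modern advice."""
import hashlib
import hmac
import os
import stat
import tempfile


def md5_hex(password: str) -> str:
    """Hash as the message proposes for admin.php: store this, not the password."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def verify_admin(candidate: str, stored_hash: str) -> bool:
    """Check a login attempt against the stored hash without revealing the
    password; compare_digest avoids leaking a prefix match via timing."""
    return hmac.compare_digest(md5_hex(candidate), stored_hash.lower())


def is_world_readable(path: str) -> bool:
    """True if every local account can read the file (the 'nobody' httpd case)."""
    return bool(os.stat(path).st_mode & stat.S_IROTH)


def audit(webroot: str, names=("admin.php", "config.inc", "config.php")) -> dict:
    """Walk a web root and report which credential-bearing files are world-readable.
    The file list is an assumption taken from the thread."""
    findings = {}
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            if name in names:
                full = os.path.join(dirpath, name)
                findings[os.path.relpath(full, webroot)] = is_world_readable(full)
    return findings


def demo() -> dict:
    """Constructed scenario (POSIX permissions assumed): admin.php holds only a
    hash and can stay 0644, config.inc holds the clear-text DB password and is
    tightened from 0644 to 0640 so only the owner and httpd's group read it."""
    with tempfile.TemporaryDirectory() as root:
        admin = os.path.join(root, "admin.php")
        config = os.path.join(root, "config.inc")
        with open(admin, "w") as fh:
            fh.write('<?php $admin_hash = "%s"; ?>\n' % md5_hex("s3cret"))
        with open(config, "w") as fh:
            fh.write('<?php $db_pass = "dbpassword"; ?>\n')  # must stay clear text
        os.chmod(admin, 0o644)
        os.chmod(config, 0o644)
        before = audit(root)          # both readable by any local account
        os.chmod(config, 0o640)       # the only fix available for config.inc
        after = audit(root)
        return {"before": before, "after": after}


if __name__ == "__main__":
    print(verify_admin("s3cret", md5_hex("s3cret")), verify_admin("wrong", md5_hex("s3cret")))
    print(demo())
```

The 0640 variant only helps if httpd runs in a dedicated group (or a dedicated user) rather than as a shared 'nobody' account that every other daemon and CGI on the box can also run as; with a truly shared uid the audit reports the file as safe while the exposure remains.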