Aryeh Gregor wrote:
In that case, I think
AdminSettings.php is certainly a good idea, so it could be readable
only to root and not the web server.
only by /root/?
If an attacker has read access to your AdminSettings.php he might as
well have write permissions.
He just needs to change your
On Fri, Aug 7, 2009 at 5:18 AM, Platonidesplatoni...@gmail.com wrote:
only by /root/?
Well, or otherwise not readable by the web server, like 640
root:admins. You're right that there's no reason to run a PHP script
as root if you only need root DB access, of course.
Maintenance scripts
I have fixed 5 bugs in /tests/ and added one feature to run-tests.php (a
--runall option so testers can run the PHPUnit tests without using make -
although make test still works). With these changes all of the tests in /tests/
now work. A unified diff patch is attached to bug ticket 20077.
I
dan nessett dness...@yahoo.com wrote in message
news:630381.19130...@web32503.mail.mud.yahoo.com...
I also would appreciate some feedback on the following question. One of
the tests referenced the global variables $wgDBadminname and
$wgDBadminuser. When I ran the configuration script during
On Thu, Aug 6, 2009 at 12:56 PM, Happy-melonhappy-me...@live.com wrote:
dan nessett dness...@yahoo.com wrote in message
news:630381.19130...@web32503.mail.mud.yahoo.com...
I also would appreciate some feedback on the following question. One of
the tests referenced the global variables
On Thu, Aug 6, 2009 at 1:05 PM, Chadinnocentkil...@gmail.com wrote:
HM is right on what these users are for. Some (not all) maintenance
scripts require higher permissions than your normal $wgDBuser, so
$wgDBadminuser is supposed to have those privileges.
$wgDBuser needs to have DELETE rights
On Thu, Aug 6, 2009 at 1:20 PM, Aryeh
Gregorsimetrical+wikil...@gmail.com wrote:
On Thu, Aug 6, 2009 at 1:05 PM, Chadinnocentkil...@gmail.com wrote:
HM is right on what these users are for. Some (not all) maintenance
scripts require higher permissions than your normal $wgDBuser, so
On 8/6/09 10:30 AM, Chad wrote:
Depends on which maintenance script you're talking about. Update.php
certainly does, as does renameDbPrefix (just to grab one off the top of
my head). The vast majority of scripts can function just fine with normal
DB access. Some (mcc and digit2html, to name a
On Thu, Aug 6, 2009 at 3:04 PM, Brion Vibberbr...@wikimedia.org wrote:
On 8/6/09 10:30 AM, Chad wrote:
Depends on which maintenance script you're talking about. Update.php
certainly does, as does renameDbPrefix (just to grab one off the top of
my head). The vast majority of scripts can
On 8/6/09 12:10 PM, Chad wrote:
Right, which is what my idea behind getDbType() was (which still needs
actual implementation, it's more an idea than practice at the moment).
If we don't need root DB access, we shouldn't be using it! If we don't need
DB access at all, don't bother connecting.
10 matches
Mail list logo
