On Wed, Apr 09, 2008 at 05:46:02PM +0200, Peter & Melodye Bowers wrote:
> >But if you are concerned about security, encrypt your password - then
> >it doesn't matter if others can see it. Just add "?action=crypt" to
> >the URL of any page on any pmwiki website to get a form to generate an
> >encrypted version of your password.
> >
> >Use encrypted passwords in your config.php and anywhere else that you
> >need to put a password.
>
> Just to set my mind at ease... The only way someone could get access to the
> text within config.php is if they have physical access to the server or in
> some other way have compromised the overall security of the server, right?
> I mean, nobody with a browser could somehow look at the *contents* of a PHP
> source file, could they?

In general it's very difficult to view the contents of a PHP file
from a browser. In the case of local/config.php, usually one of
two things happens:

1. The .htaccess file that is in the local/ directory prevents
   a browser from viewing config.php

2. The webserver sees that config.php is a PHP script and executes
   it. Of course, since the script generally does little more than
   set variables or load recipes, the browser gets back a blank page
   or a page with an error message on it.

Pm
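
Added example, not part of the message above: a small check a site owner can run against their own wiki to see which of the two outcomes applies to local/config.php, and to flag the third case where the server returns the file unexecuted. The function names, the status-code grouping and the sample responses are assumptions made for this illustration.

```python
import re
import urllib.error
import urllib.request

# Text that only reaches a browser if the file was served instead of executed.
SOURCE_MARKERS = re.compile(r"<\?php|<\?=|\$DefaultPasswords\b")

def classify(status, body):
    """Map an HTTP response for local/config.php to one of the outcomes."""
    if SOURCE_MARKERS.search(body):
        return "exposed"    # raw PHP source came back: neither protection applied
    if status in (401, 403, 404):
        return "blocked"    # outcome 1: the .htaccess in local/ refused the request
    if status in (200, 500):
        return "executed"   # outcome 2: script ran, blank page or error message
    return "unknown"

def fetch(url, timeout=10):
    """Return (status, first 64 KiB of body) without raising on HTTP errors."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read(65536).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read(65536).decode("utf-8", "replace")

def check_site(base_url):
    """Check your own wiki, e.g. check_site('https://wiki.example.org/pmwiki')."""
    return classify(*fetch(base_url.rstrip("/") + "/local/config.php"))

# Constructed sample responses (not captured from a real server).
SAMPLES = [
    (403, "<h1>Forbidden</h1>"),
    (200, ""),
    (200, "<?php if (!defined('PmWiki')) exit();\n$DefaultPasswords['admin'] = 'PLACEHOLDER';"),
]

if __name__ == "__main__":
    for status, body in SAMPLES:
        print(status, classify(status, body))
```

An "exposed" result usually means PHP handling is disabled or misconfigured for that directory and the .htaccess file is missing or ignored by the web server.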
