Thank you everybody for your advice with my installation! I've moved the installation out of cgi-bin, and I'm now using an encrypted password (generated by ?action=crypt) in the config.php, just in case.
I really appreciate how helpful this community has been. - Bill On Wed, Apr 9, 2008 at 10:32 AM, Patrick R. Michaud <[EMAIL PROTECTED]> wrote: > On Wed, Apr 09, 2008 at 05:46:02PM +0200, Peter & Melodye Bowers wrote: > > >But if you are concerned about security, encrypt your password - then > > >it doesn't matter if others can see it. Just add "?action=crypt" to > > >the URL of any page on any pmwiki website to get a form to generate an > > >encrypted version of your password. > > > > > >Use encrypted passwords in your config.php and anywhere else that you > > >need to put a password. > > > > Just to set my mind at ease... The only way someone could get access to > the > > text within config.php is if they have physical access to the server or > in > > some other way have compromised the overall security of the server, > right? > > I mean, nobody with a browser could somehow look at the *contents* of a > PHP > > source, filee, could they? > > In general it's very difficult to view the contents of a PHP file > from a browser. In the case of local/config.php, usually one of > two things happens: > > 1. The .htaccess file that is in the local/ directory prevents > a browser from viewing config.php > > 2. The webserver sees that config.php is a PHP script and executes it. > Of course, since the script generally does little more than set variables > or load recipes, the browser gets back a blank page or a page with an > error message on it. > > Pm > > _______________________________________________ > pmwiki-users mailing list > [email protected] > http://www.pmichaud.com/mailman/listinfo/pmwiki-users >
_______________________________________________ pmwiki-users mailing list [email protected] http://www.pmichaud.com/mailman/listinfo/pmwiki-users
