Tyler Romeo <> changed:

           What    |Removed                     |Added
                 CC|                            |

--- Comment #7 from Tyler Romeo <> ---
(In reply to Jackmcbarn from comment #0)
> Unless there's a reason not to

The directory where MediaWiki is installed should not be writeable by the web
server. That's considered a security vulnerability since then the source code
of MediaWiki can be changed via the web interface if there is an exploit.
Generally the installation directory should be read-only to the web server.

Downloading LocalSettings.php rather than writing it is to encourage the idea
that you must SSH into your server in order to change files. The other side of
the argument is that when downloading LocalSettings.php you are transmitting
the database password over plaintext, but assuming you already entered your
database password on the installer form that is kind of a moot issue.

You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
Wikibugs-l mailing list

Reply via email to