https://bugzilla.wikimedia.org/show_bug.cgi?id=60534
Tyler Romeo <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #7 from Tyler Romeo <[email protected]> --- (In reply to Jackmcbarn from comment #0) > Unless there's a reason not to The directory where MediaWiki is installed should not be writeable by the web server. That's considered a security vulnerability since then the source code of MediaWiki can be changed via the web interface if there is an exploit. Generally the installation directory should be read-only to the web server. Downloading LocalSettings.php rather than writing it is to encourage the idea that you must SSH into your server in order to change files. The other side of the argument is that when downloading LocalSettings.php you are transmitting the database password over plaintext, but assuming you already entered your database password on the installer form that is kind of a moot issue. -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
