https://bugzilla.wikimedia.org/show_bug.cgi?id=60534

--- Comment #8 from Mayank <mayank25080...@gmail.com> ---
(In reply to Tyler Romeo from comment #7)
> (In reply to Jackmcbarn from comment #0)
> > Unless there's a reason not to
> 
> The directory where MediaWiki is installed should not be writeable by the
> web server. That's considered a security vulnerability since then the source
> code of MediaWiki can be changed via the web interface if there is an
> exploit. Generally the installation directory should be read-only to the web
> server.
> 
> Downloading LocalSettings.php rather than writing it is to encourage the
> idea that you must SSH into your server in order to change files. The other
> side of the argument is that when downloading LocalSettings.php you are
> transmitting the database password over plaintext, but assuming you already
> entered your database password on the installer form that is kind of a moot
> issue.

Thanks for pointing this out! Can we have a workaround, say something which
allows you to change the server writing permissions just for copying the
LocalSettings.php and afterwards making it read-only? Can this be done?

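An added example, not part of the bug thread or of MediaWiki: one way to audit the rule quoted from comment #7, that nothing under the installation directory can be modified by the web server account. The function name `writable_by`, the reason labels, and the path and account in the usage comment are assumptions. Only owner, group and mode bits are considered (no ACLs).

```python
import os
import stat


def writable_by(root, uid, gids):
    """Return sorted (path, reason) pairs under root that the account could modify.

    The decision is made from ownership and mode bits, so an administrator can
    run it on behalf of the web server account without switching to that account.
    """
    gids = set(gids)
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        # Check the directory itself as well: a writable directory allows
        # files in it to be replaced even when the files are read-only.
        for path in [dirpath] + [os.path.join(dirpath, n) for n in filenames]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode is not enforced
            if st.st_uid == uid:
                # The owner can always chmod the file back to writable,
                # so ownership alone counts as a finding.
                findings.append((path, "owner"))
            elif st.st_gid in gids:
                if st.st_mode & stat.S_IWGRP:
                    findings.append((path, "group-writable"))
            elif st.st_mode & stat.S_IWOTH:
                findings.append((path, "other-writable"))
    return sorted(findings)


if __name__ == "__main__":
    import pwd
    import sys

    # Usage (assumed path and account): audit.py /var/www/mediawiki www-data
    root, user = sys.argv[1], sys.argv[2]
    pw = pwd.getpwnam(user)
    groups = os.getgrouplist(user, pw.pw_gid)
    results = writable_by(root, pw.pw_uid, groups)
    for path, reason in results:
        print(f"{reason}\t{path}")
    sys.exit(1 if results else 0)
```

An empty result means the account has no write path through ownership or mode bits; upload and cache directories that are meant to be writable will be listed and need to be reviewed separately.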