https://bugzilla.wikimedia.org/show_bug.cgi?id=60534
--- Comment #8 from Mayank <[email protected]> --- (In reply to Tyler Romeo from comment #7) > (In reply to Jackmcbarn from comment #0) > > Unless there's a reason not to > > The directory where MediaWiki is installed should not be writeable by the > web server. That's considered a security vulnerability since then the source > code of MediaWiki can be changed via the web interface if there is an > exploit. Generally the installation directory should be read-only to the web > server. > > Downloading LocalSettings.php rather than writing it is to encourage the > idea that you must SSH into your server in order to change files. The other > side of the argument is that when downloading LocalSettings.php you are > transmitting the database password over plaintext, but assuming you already > entered your database password on the installer form that is kind of a moot > issue. Thanks for pointing this out! Can we have a workaround say something which allows you to change the server writing permissions just for copying the LocalSettings.php and afterwards making it read-only ? Can this be done ? -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
