[pmwiki-users] Using the cgi-bin directory
Patrick R. Michaud
pmichaud at pobox.com
Wed Apr 9 12:32:14 CDT 2008
On Wed, Apr 09, 2008 at 05:46:02PM +0200, Peter & Melodye Bowers wrote:
> >But if you are concerned about security, encrypt your password - then
> >it doesn't matter if others can see it. Just add "?action=crypt" to
> >the URL of any page on any pmwiki website to get a form to generate an
> >encrypted version of your password.
> >Use encrypted passwords in your config.php and anywhere else that you
> >need to put a password.
> Just to set my mind at ease... The only way someone could get access to the
> text within config.php is if they have physical access to the server or in
> some other way have compromised the overall security of the server, right?
> I mean, nobody with a browser could somehow look at the *contents* of a PHP
> source, filee, could they?
In general it's very difficult to view the contents of a PHP file
from a browser. In the case of local/config.php, usually one of
two things happens:
1. The .htaccess file that is in the local/ directory prevents
a browser from viewing config.php
2. The webserver sees that config.php is a PHP script and executes it.
Of course, since the script generally does little more than set variables
or load recipes, the browser gets back a blank page or a page with an
error message on it.
More information about the pmwiki-users