Thank you everybody for your advice with my installation!<br><br>I've moved the installation out of cgi-bin, and I'm now using an encrypted password (generated by ?action=crypt) in the config.php, just in case.<br>
<br>I really appreciate how helpful this community has been.<br><br>- Bill<br><br><div class="gmail_quote">On Wed, Apr 9, 2008 at 10:32 AM, Patrick R. Michaud <<a href="mailto:pmichaud@pobox.com">pmichaud@pobox.com</a>> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div class="Ih2E3d">On Wed, Apr 09, 2008 at 05:46:02PM +0200, Peter & Melodye Bowers wrote:<br>
> >But if you are concerned about security, encrypt your password - then<br>
> >it doesn't matter if others can see it. Just add "?action=crypt" to<br>
> >the URL of any page on any pmwiki website to get a form to generate an<br>
> >encrypted version of your password.<br>
> ><br>
> >Use encrypted passwords in your config.php and anywhere else that you<br>
> >need to put a password.<br>
><br>
> Just to set my mind at ease... The only way someone could get access to the<br>
> text within config.php is if they have physical access to the server or in<br>
> some other way have compromised the overall security of the server, right?<br>
> I mean, nobody with a browser could somehow look at the *contents* of a PHP<br>
> source, filee, could they?<br>
<br>
</div>In general it's very difficult to view the contents of a PHP file<br>
from a browser. In the case of local/config.php, usually one of<br>
two things happens:<br>
<br>
1. The .htaccess file that is in the local/ directory prevents<br>
a browser from viewing config.php<br>
<br>
2. The webserver sees that config.php is a PHP script and executes it.<br>
Of course, since the script generally does little more than set variables<br>
or load recipes, the browser gets back a blank page or a page with an<br>
error message on it.<br>
<font color="#888888"><br>
Pm<br>
</font><div><div></div><div class="Wj3C7c"><br>
_______________________________________________<br>
pmwiki-users mailing list<br>
<a href="mailto:pmwiki-users@pmichaud.com">pmwiki-users@pmichaud.com</a><br>
<a href="http://www.pmichaud.com/mailman/listinfo/pmwiki-users" target="_blank">http://www.pmichaud.com/mailman/listinfo/pmwiki-users</a><br>
</div></div></blockquote></div><br>