[pmwiki-users] Using the cgi-bin directory

Peter & Melodye Bowers pbowers at pobox.com
Wed Apr 9 10:46:02 CDT 2008


>But if you are concerned about security, encrypt your password - then  
>it doesn't matter if others can see it. Just add "?action=crypt" to  
>the URL of any page on any pmwiki website to get a form to generate an  
>encrypted version of your password.
>
>Use encrypted passwords in your config.php and anywhere else that you  
>need to put a password.

Just to set my mind at ease...  The only way someone could get access to the
text within config.php is if they have physical access to the server or in
some other way have compromised the overall security of the server, right?
I mean, nobody with a browser could somehow look at the *contents* of a PHP
source, filee, could they?

I saw the instructions with ?action=crypt when installing but figured they
were optional.  If they are an essential part of security then I need to get
moving...

-Peter




More information about the pmwiki-users mailing list