Forum Moderators: rogerd
I plan to test this out myself as soon as I get a little time.
So, if some experienced Mod or Admin can advise me on how to properly secure sensitive data in php scripts.
Thanks in advance
That being said, a few months back I did have a customer's server go nuts and start displaying php files as text, which subsequently left open the config.php (containing database passwords) to the public -- for anyone who knew where to look. It was an easy fix to temporarily hide that file, but ever since then I've been somewhat nervous about that information becoming available.
I do recall reading that it's possible to encode passwords as environmental variables on the server, so that they won't be visible in the script files ... but that won't prevent anyone who has the opportunity to run a malicious script from finding the hidden info.
Overall, I don't think that there's much chance of having your critical forum site files downloaded, but I'd be interested in the others' perspectives in the group!
Normally, nobody can access your database file in the root.
Just try the soft and see the result
No, the functionality of the forum can't be downloaded. But files can be. I once downloaded an entire site on JSP to learn it. I was wondering if someone attempted to download my website, the folder with the forum might be downloaded too. If that happens, then the config file is compromised. Now I have been advised to move the config file (for phpbb2) OUTSIDE the site root. I'm interested in knowing if that will stop john doe and winHTTrack from accessing the config file with all the database connectivity info. Also, there will obviously be some logic in php files, maybe even CSS files that a webmaster will not want disclosed for whatever reason.
How does one prevent files, in particular php scripts, from being downloaded by such programs?
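Added example, not part of the original thread: a small audit for the layout discussed above, where the real config file sits outside the site root and only a stub stays inside it. It lists files under the web root that contain credential-style assignments, which are the files that would be readable if the server started displaying PHP as text. The directory names, variable names and the regex are assumptions made for the illustration, and the sample site is constructed.

```python
import os
import re
import tempfile

# Heuristic for credential-style assignments such as $dbpasswd = '...';
# the variable-name pattern is an assumption, adjust it to your application.
CRED_RE = re.compile(r"""\$\w*(pass|passwd|password|pwd)\w*\s*=\s*['"][^'"]+['"]""", re.I)

def is_under(path, root):
    """True if path resolves (symlinks followed) to a location inside root."""
    path, root = os.path.realpath(path), os.path.realpath(root)
    return os.path.commonpath([path, root]) == root

def exposed_credential_files(doc_root):
    """Return files below doc_root that contain credential-like assignments.

    Every file returned has a URL, so its contents are served as plain
    text whenever the PHP handler stops interpreting it.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(doc_root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                with open(full, "r", errors="replace") as fh:
                    if CRED_RE.search(fh.read()):
                        hits.append(os.path.relpath(full, doc_root))
            except OSError:
                continue  # unreadable file: skip it rather than abort the audit
    return sorted(hits)

def build_sample_site(base):
    """Constructed layout: secrets outside the web root, a stub inside it."""
    doc_root = os.path.join(base, "public_html")
    private = os.path.join(base, "private")
    os.makedirs(os.path.join(doc_root, "forum"))
    os.makedirs(private)
    with open(os.path.join(private, "config.php"), "w") as fh:
        fh.write("<?php $dbuser = 'forum'; $dbpasswd = 'constructed-secret';\n")
    with open(os.path.join(doc_root, "forum", "config.php"), "w") as fh:
        fh.write("<?php require dirname(__DIR__, 2) . '/private/config.php';\n")
    with open(os.path.join(doc_root, "forum", "old_config.php"), "w") as fh:
        fh.write("<?php $dbpasswd = 'constructed-secret';\n")  # forgotten copy
    return doc_root, private

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        root, private = build_sample_site(tmp)
        print("real config inside web root:", is_under(os.path.join(private, "config.php"), root))
        print("files that would leak:", exposed_credential_files(root))
```

The stub left in the web root contains only a `require` line, so it is not flagged; the forgotten copy with the password still in it is.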