Tycoon Talk
Become a Big fish!
The number 1 forum for online business!
Post topics, ask questions, share your knowledge.
Tycoon Talk is part of Freelancer.com - find skilled workers online at a fraction of the cost.

PHP Forum


You are currently viewing our PHP Forum as a guest. Please register to participate.
Login


Tycoon Talk > Web Development and Programming Support > PHP Forum > Storing files outside a publicly accessible directory

Freelance Jobs

Reply
Storing files outside a publicly accessible directory
Old 04-04-2008, 01:24 PM Storing files outside a publicly accessible directory
Skilled Talker

Posts: 90
Location: Savannah, GA
Trades: 0
Talkupation: mgarde will become famous soon enough
I have some friends who use wordpress and have asked me for my opinion on keeping it secure between updates. My recommendations are standard, only allow specific IP's via .htaccess etc.

Although I came across this mental challenge, one friend pointed out a blog where the writer recommended storing your database username and password outside a publicly accessible area. For example, if your config file is /home/www/public_html/wp-config.php you should remove the variables for username and password and place them into /home/www/wp-config-unseen.php and reference them using an include statement from wp-config.php

Now I get the logic if wp-config.php could be seen naked however if the vulnerability is from a variable leak then this would offer no protection.

Is there something I am missing? What good can this do? Is there a PHP hack that would allow you to see an unprocessed file?

Thanks
-Mike
__________________
-Mike
-
Please login or register to view this content. Registration is FREE
mgarde is offline
Reply With Quote
View Public Profile Visit mgarde's homepage!
 
 
Register now for full access!
Old 04-04-2008, 04:04 PM Re: Storing files outside a publicly accessible directory
Average Talker

Posts: 18
Trades: 0
Talkupation: awatson is on a distinguished road
Not that I know of. Perhaps if php were printing errors to the browser and they could cause an error on that line somehow?
__________________
30 Day Money-Back Guarantee -
Please login or register to view this content. Registration is FREE
-
Please login or register to view this content. Registration is FREE
-
Please login or register to view this content. Registration is FREE
awatson is offline
Reply With Quote
View Public Profile
 
Old 04-04-2008, 04:46 PM Re: Storing files outside a publicly accessible directory
Defies a Status

Posts: 1,606
Trades: 0
Talkupation: colbyt is a splendid one to beholdcolbyt is a splendid one to beholdcolbyt is a splendid one to beholdcolbyt is a splendid one to beholdcolbyt is a splendid one to beholdcolbyt is a splendid one to beholdcolbyt is a splendid one to behold
I see no real advantage, maybe I am wrong.

In the event there is a connection error only the username will be revealed to the browser. The password info will be yes if it was used and no if it wasn't.

Storing the files outside of public will not prevent anyone who gains access via ftp or the control panel from seeing, copying or dowloading the file.
__________________
Colbyt

Please login or register to view this content. Registration is FREE
colbyt is offline
Reply With Quote
View Public Profile
 
Reply     « Reply to Storing files outside a publicly accessible directory
 
Previous Thread | Next Thread Tycoon Talk > Web Development and Programming Support > PHP Forum > Storing files outside a publicly accessible directory

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off




   
RSS Feed  Feeds: RSS   JS   XML
RSS Feed  Feeds for this forum: RSS   JS   XML



Page generated in 0.17571 seconds with 12 queries