[pmwiki-users] Using the cgi-bin directory
billpress at gmail.com
Wed Apr 9 12:35:11 CDT 2008
Thank you everybody for your advice with my installation!
I've moved the installation out of cgi-bin, and I'm now using an encrypted
password (generated by ?action=crypt) in the config.php, just in case.
I really appreciate how helpful this community has been.
On Wed, Apr 9, 2008 at 10:32 AM, Patrick R. Michaud <pmichaud at pobox.com>
> On Wed, Apr 09, 2008 at 05:46:02PM +0200, Peter & Melodye Bowers wrote:
> > >But if you are concerned about security, encrypt your password - then
> > >it doesn't matter if others can see it. Just add "?action=crypt" to
> > >the URL of any page on any pmwiki website to get a form to generate an
> > >encrypted version of your password.
> > >
> > >Use encrypted passwords in your config.php and anywhere else that you
> > >need to put a password.
> > Just to set my mind at ease... The only way someone could get access to
> > text within config.php is if they have physical access to the server or
> > some other way have compromised the overall security of the server,
> > I mean, nobody with a browser could somehow look at the *contents* of a
> > source, filee, could they?
> In general it's very difficult to view the contents of a PHP file
> from a browser. In the case of local/config.php, usually one of
> two things happens:
> 1. The .htaccess file that is in the local/ directory prevents
> a browser from viewing config.php
> 2. The webserver sees that config.php is a PHP script and executes it.
> Of course, since the script generally does little more than set variables
> or load recipes, the browser gets back a blank page or a page with an
> error message on it.
> pmwiki-users mailing list
> pmwiki-users at pmichaud.com
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the pmwiki-users