[pmwiki-users] Using the cgi-bin directory

Bill Press billpress at gmail.com
Wed Apr 9 12:35:11 CDT 2008


Thank you everybody for your advice with my installation!

I've moved the installation out of cgi-bin, and I'm now using an encrypted
password (generated by ?action=crypt) in the config.php, just in case.

I really appreciate how helpful this community has been.

- Bill

On Wed, Apr 9, 2008 at 10:32 AM, Patrick R. Michaud <pmichaud at pobox.com>
wrote:

> On Wed, Apr 09, 2008 at 05:46:02PM +0200, Peter & Melodye Bowers wrote:
> > >But if you are concerned about security, encrypt your password - then
> > >it doesn't matter if others can see it. Just add "?action=crypt" to
> > >the URL of any page on any pmwiki website to get a form to generate an
> > >encrypted version of your password.
> > >
> > >Use encrypted passwords in your config.php and anywhere else that you
> > >need to put a password.
> >
> > Just to set my mind at ease...  The only way someone could get access to
> the
> > text within config.php is if they have physical access to the server or
> in
> > some other way have compromised the overall security of the server,
> right?
> > I mean, nobody with a browser could somehow look at the *contents* of a
> PHP
> > source, filee, could they?
>
> In general it's very difficult to view the contents of a PHP file
> from a browser.  In the case of local/config.php, usually one of
> two things happens:
>
> 1.  The .htaccess file that is in the local/ directory prevents
> a browser from viewing config.php
>
> 2.  The webserver sees that config.php is a PHP script and executes it.
> Of course, since the script generally does little more than set variables
> or load recipes, the browser gets back a blank page or a page with an
> error message on it.
>
> Pm
>
> _______________________________________________
> pmwiki-users mailing list
> pmwiki-users at pmichaud.com
> http://www.pmichaud.com/mailman/listinfo/pmwiki-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.pmichaud.com/pipermail/pmwiki-users/attachments/20080409/dab93550/attachment.html 


More information about the pmwiki-users mailing list