config.php

Discussion of general topics related to the new version and its place in the world. Don't discuss new features, report bugs, ask for support, et cetera. Don't use this to spam for other boards or attack those boards!
Forum rules
Discussion of general topics related to the new release and its place in the world. Don't discuss new features, report bugs, ask for support, et cetera. Don't use this to spam for other boards or attack those boards!
4test
Registered User
Posts: 2
Joined: Fri Mar 25, 2005 8:30 am

config.php

Post by 4test »

How can i hide the user & pass info ?

wget xxx.forum/config.php ??????

Please need help
User avatar
the_dan
Registered User
Posts: 700
Joined: Thu Apr 01, 2004 7:36 pm

Re: config.php

Post by the_dan »

You don't.
Take a look at the area51 config file:
config.php" target="_blank

Dan
User avatar
cyberCrank
Registered User
Posts: 560
Joined: Wed Jan 28, 2004 3:38 am
Location: Ethereal Bliss

Re: config.php

Post by cyberCrank »

But still maybe wise to .htaccess and/or chmod block it IMO for other less obvious reasons...
User avatar
olger901
Registered User
Posts: 536
Joined: Tue May 11, 2004 4:57 pm

Re: config.php

Post by olger901 »

If you really want to be secure delete the file.

Oh, forgot to mention that the board will stop working then, but for the rest, there are no other side effects :lol:
-
User avatar
mansuetus
Registered User
Posts: 130
Joined: Sun Dec 07, 2003 8:02 pm
Location: Paris, France
Contact:

Re: config.php

Post by mansuetus »

More seriously,
if something appears when You access via the webserver to config.php, then you should enable PHP4 or PHP5 mod !
Petite publicité pour mon site : on présente des horoscopes qui tuent, on propose des tests,
et si tu cherches bien, tu verras même un phpBB :-)
viens sur spontex.org !
uranusalien
Registered User
Posts: 32
Joined: Mon Oct 27, 2003 4:48 pm
Contact:

Re: config.php

Post by uranusalien »

It might be wise to put in this .htaccess, that way if PHP gets accidentially disabled it's still protected:

<Files "config.php">
Deny from all
</Files>
User avatar
cyberCrank
Registered User
Posts: 560
Joined: Wed Jan 28, 2004 3:38 am
Location: Ethereal Bliss

Re: config.php

Post by cyberCrank »

uranusalien wrote: It might be wise to put in this .htaccess, that way if PHP gets accidentially disabled it's still protected...
ditto that as noted in bold ;)
cyberCrank wrote: But still maybe wise to .htaccess and/or chmod block it IMO for other less obvious reasons...
** when PHP falters, then the content of any accesible PHP file (critical or otherwise) is exposed unless blocked; maybe a rare occasion if at all, but precaution is prudence for the wise... **
Martin Blank
Registered User
Posts: 687
Joined: Sun May 11, 2003 11:17 am

Re: config.php

Post by Martin Blank »

I seem to recall that you can also put the main config.php file (or, for that matter, any other file) outside of the web-accessible location, and have your config.php file read:

require "/home/user/safezone/config.php";

That way, there may be a loss of path information, but the passwords are still outside of casual reach.
You can never go home again... but I guess you can shop there.
Black_Hole
Registered User
Posts: 10
Joined: Sun Oct 10, 2004 3:45 pm

Re: config.php

Post by Black_Hole »

you could also chmod config.php to 700, or 400. However 400 will cause errors if phpbb tries to write to config.php... which is only in upgrades and installations if i am correct
Magnotta
Registered User
Posts: 80
Joined: Wed Feb 09, 2005 12:49 am

Re: config.php

Post by Magnotta »

you could always as well try changing the name to something else. Just make sure however to chance the name of the file inside common.php as well.
Post Reply