[svlug] Privacy issue with my php solution...

Ivan Sergio Borgonovo mail at webthatworks.it
Tue Sep 8 06:42:13 PDT 2015


On 09/06/2015 02:24 AM, Sarah Newman wrote:
> On 09/05/2015 05:21 PM, Michael Robinson wrote:
>> I found out that I can create a table in php by reading a database if
>> the php files on the server are readable and executable by the whole
>> world.  Trouble is, that reveals the database password.  While the
>> database I'm using is not accessible from the Internet, this still
>> isn't particularly good.  Is there another way to solve this that
>> doesn't involve revealing the database password to the world?
> I think you can include another php file that isn't world readable.

There is actually no need to have any world readable file in a properly 
set up web server including the one your web server have to read.

Different web servers and environment may have different needs for how 
you've to assign ownership and permissions but generally x bits are OFF 
and "other" doesn't have to have any permission.

-- 
Ivan Sergio Borgonovo
http://www.webthatworks.it




More information about the svlug mailing list