On Wed, 2006-01-11 at 11:14 -0500, Morbus Iff wrote:
Well yeah, thats the point. We don't want anyone to browse to settings.php. Only two things need to be able to access that file... drupal, and the administrator.
Why not? I really think this is getting crazy, securitywise.
* An admin would have to screw up .php configuration badly.
* An admin would have to screw it up badly for a *length* of time.
* The liklihood of an admin screwing up .php for a *length* of time is about as equal to them screwing up the DocRoot of a virtualhost (thus, exposing a protected settings.php).
This stuff just doesn't happen in principle, and the downsides of making it secure for a "just in case" is, IMO, not worth the effort.
And just in case is all it is... I don't think it should all be moved around. I was just trying to make a point that if people insist on moving things out of the public drupal tree, that they limit themselves to settings.php. settings.php is the only file in drupal that has the potential to be a security problem if its contents are exposed... The downside of that rarely occurring misconfiguration for say an e-commerce site, is a large liability. Then again its easy enough for the determined to relocate their settings.php. So maybe in light of popular opinion we just need to add the site/all and be done with it. :)