Well yeah, thats the point. We don't want anyone to browse to settings.php. Only two things need to be able to access that file... drupal, and the administrator. On Tue, 2006-01-10 at 18:57 -0800, Steven Peck wrote:
I am unsure how IIS would react to the settings.php file being outside of the virtual directory or how to configure it. Right now, unless you set the folder to allow for this, you cannot browse files below the root unless specifically allowed.
______________________________________________________________________ From: development-bounces@drupal.org on behalf of Darrel O'Pry Sent: Tue 1/10/2006 8:41 AM To: development@drupal.org Subject: Re: [development] let's cleanup /misc
On Tue, 2006-01-10 at 14:49 +0100, Bèr Kessels wrote:
Op dinsdag 10 januari 2006 14:20, schreef Adrian Rossouw:
The OSX way is far far simpler, and much much cleaner.
But much unsafer (not speaking of OSX vs Unix safety). We discussed before, that PHP files should really live in a non-web-acessible place. -- I kind of have to disagree with this... php files containing sensitive data should not be in a web accessible directory(settings.php)... If you're worried about people uploading randscript.php or rewriting your .php files I think you have other things you need to address like permissions.
The biggest downside of that, indeed, is that the web-accessible files can no longer live in the module directories.
Bèr