[development] let's cleanup /misc
Steven Peck
speck at blkmtn.org
Wed Jan 11 02:57:12 UTC 2006
I am unsure how IIS would react to the settings.php file being outside of the virtual directory or how to configure it. Right now, unless you set the folder to allow for this, you cannot browse files below the root unless specifically allowed.
________________________________
From: development-bounces at drupal.org on behalf of Darrel O'Pry
Sent: Tue 1/10/2006 8:41 AM
To: development at drupal.org
Subject: Re: [development] let's cleanup /misc
On Tue, 2006-01-10 at 14:49 +0100, Bèr Kessels wrote:
> Op dinsdag 10 januari 2006 14:20, schreef Adrian Rossouw:
> > The OSX way is far far simpler, and much much cleaner.
>
> But much unsafer (not speaking of OSX vs Unix safety).
> We discussed before, that PHP files should really live in a non-web-acessible
> place.
-- I kind of have to disagree with this... php files containing
sensitive data should not be in a web accessible
directory(settings.php)... If you're worried about people uploading
randscript.php or rewriting your .php files I think you have other
things you need to address like permissions.
> The biggest downside of that, indeed, is that the web-accessible files can no
> longer live in the module directories.
>
> Bèr
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20060111/ac2df8f2/attachment-0001.htm
More information about the development
mailing list