[development] let's cleanup /misc

Darrel O'Pry dopry at thing.net
Wed Jan 11 16:10:21 UTC 2006


Well yeah, that's the point. We don't want anyone to browse to
settings.php. Only two things need to be able to access that file...
Drupal, and the administrator.

On Tue, 2006-01-10 at 18:57 -0800, Steven Peck wrote:
> I am unsure how IIS would react to the settings.php file being outside
> of the virtual directory or how to configure it.  Right now, unless
> you set the folder to allow for this, you cannot browse files below
> the root unless specifically allowed.
>
> ______________________________________________________________________
> From: development-bounces at drupal.org on behalf of Darrel O'Pry
> Sent: Tue 1/10/2006 8:41 AM
> To: development at drupal.org
> Subject: Re: [development] let's cleanup /misc
> 
> 
> On Tue, 2006-01-10 at 14:49 +0100, Bèr Kessels wrote:
> > On Tuesday 10 January 2006 14:20, Adrian Rossouw wrote:
> > > The OSX way is far far simpler, and much much cleaner.
> >
> > But much unsafer (not speaking of OSX vs Unix safety).
> > We discussed before, that PHP files should really live in a
> > non-web-accessible place.
>   -- I kind of have to disagree with this...  PHP files containing
> sensitive data should not be in a web accessible
> directory (settings.php)... If you're worried about people uploading
> randscript.php or rewriting your .php files I think you have other
> things you need to address like permissions.
> 
> > The biggest downside of that, indeed, is that the web-accessible
> > files can no longer live in the module directories.
> >
> > Bèr
> 
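
Added example, not part of the original thread or of Drupal: a small audit for the two points raised above, whether any name under the document root resolves to settings.php and whether its permission bits let anyone beyond its owner and group read or change it. The directory layout and file names are constructed in a temporary directory, and the check assumes a web server that follows symlinks; it does not model server-side deny rules.

```python
import os
import stat
import tempfile

def web_paths_to(target, docroot):
    """Docroot-relative names that resolve to target, following symlinks."""
    hits, seen = [], set()
    for dirpath, dirnames, filenames in os.walk(docroot, followlinks=True):
        real_dir = os.path.realpath(dirpath)
        if real_dir in seen:  # already visited via another link: stop looping
            dirnames[:] = []
            continue
        seen.add(real_dir)
        for name in filenames:
            candidate = os.path.join(dirpath, name)
            # exists() skips dangling symlinks, which samefile() would reject
            if os.path.exists(candidate) and os.path.samefile(candidate, target):
                hits.append(os.path.relpath(candidate, docroot))
    return sorted(hits)


def audit(target, docroot):
    """Report web exposure and permission bits for a sensitive config file."""
    mode = stat.S_IMODE(os.stat(target).st_mode)
    return {
        "web_paths": web_paths_to(target, docroot),
        "world_readable": bool(mode & stat.S_IROTH),
        "group_or_world_writable": bool(mode & (stat.S_IWGRP | stat.S_IWOTH)),
    }


def demo():
    """Constructed layout: file in docroot, outside it, then symlinked back in."""
    with tempfile.TemporaryDirectory() as base:
        docroot = os.path.join(base, "htdocs")
        os.makedirs(os.path.join(docroot, "sites", "default"))
        os.makedirs(os.path.join(base, "private"))
        inside = os.path.join(docroot, "sites", "default", "settings.php")
        outside = os.path.join(base, "private", "settings.php")
        for path, mode in ((inside, 0o644), (outside, 0o640)):
            with open(path, "w") as fh:
                fh.write("<?php // constructed sample, no real settings\n")
            os.chmod(path, mode)
        before = audit(outside, docroot)
        os.symlink(outside, os.path.join(docroot, "old-settings.php"))
        return audit(inside, docroot), before, audit(outside, docroot)


if __name__ == "__main__":
    print(*demo(), sep="\n")
```

The third report shows that moving the file out of the document root is not sufficient on its own: a leftover link inside the served tree makes it reachable again.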