[development] let's cleanup /misc

Gabor Hojtsy gabor at hojtsy.hu
Wed Jan 11 21:13:44 UTC 2006


Darrel O'Pry wrote:
> And just in case is all it is... I don't think it should all be moved
> around. I was just trying to make a point that if people insist on
> moving things out of the public drupal tree, that they limit themselves
> to settings.php. settings.php is the only file in drupal that has the
> potential to be a security problem if its contents are exposed...
> 
> The downside of that rarely occurring misconfiguration for say an
> e-commerce site, is a large liability. 
> 
> Then again it's easy enough for the determined to relocate their
> settings.php. So maybe in light of popular opinion we just need to add
> the site/all and be done with it. :)

Darrel, any module or theme source file could be a security problem if
exposed. You can directly inspect the source code, identify versions, or
in case of custom code, examine weaknesses. Any identified publicly
available module can possibly contain weaknesses.

Goba

