[Typo3] security: close your directories
Steffen Müller
steffen at mail.kommwiss.fu-berlin.de
Sun Oct 2 22:25:10 CEST 2005
On 02.10.2005 21:55 Bartosz Aninowski wrote:
>>2a) http://wiki.typo3.org/index.php/Security
>>2b)
>
>
> "Remove access to localconf.php
> What we will do here is eliminate the ability for remote users to view your
> localconf.php file."
>
> As long as apache is parsing php files it is not possible to view the
> content, isn't it?
>
Right.
Scenario is: If someone is able to read the files inside your typo3
directory (e.g. with phpshell), your localconf.php might be safe inside
another directory tree, where read access is forbidden.
Anyway, as stated, this is a rather rare case.
--
cheers,
Steffen
More information about the TYPO3-english
mailing list