[Typo3] security: close your directories
Elmar Hinz
elmar.hinz at vcd-berlin.de
Sun Oct 2 22:43:01 CEST 2005
Bartosz Aninowski wrote:
>
> As long as apache is parsing php files it is not possible to view the
> content, isn't it?
>
Thousands of smaller TYPO3 sites are running on shared hosts. I share
the experience that you may see more than you should of the other
accounts, if you only use the appropriate tools. Apache isn't the only
access to a file.
The other point is, that apache under circumstances tends to deliver
even files with .php extension in sourcecode. I have seen that several
times myself. It isn't nice if db access passwords are presented to the
world in such a direct way. Store passwords in protected directories if
even possible.
Elmar
--
Climate change 2005: New Orleans, Sahel, Bangladesh, Spain, Portugal,
Austria, Swiss, France, ...
Production of CO2 is killing people.
Production of CO2 just for fun is killing people just for fun.
More information about the TYPO3-english
mailing list