Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

config.php security


Stryks

Recommended Posts

Hi,

 

I've been testing out my host to make sure that everything will run smoothly, however I have come across something interesting. If I go up a directory from my own page, I come to a page which lists other users sites. I can then click on their folders and while I cannot actually write to their directories, I can read all of their files.

 

Presumably, if I can do this, then they can do this. If so, what stops them from just openeing up my config.php file and finding my mySQL database name, username and password? I mean ... any site should be able to access that if they have the details, so they could potentially have free access to my data for edition or deletion.

 

I'm thinking that perhaps I can chmod my folders or files so that others on my server can't get access to this.

 

Any help here would be appreciated.

 

Cheers

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...