garnet Posted February 4, 2011 Share Posted February 4, 2011 If you have a .htaccess protection of the admin (most likely renamed) folder, looking at the server_info.php file from within your administration back-end will list your .htaccess user and password in plain text. I dont know if this could be used in and malicious way, but you would be better off if you get rid of the server_info.php file. Any more opinions welcome. OSC beginner Link to comment Share on other sites More sharing options...
Guest Posted February 4, 2011 Share Posted February 4, 2011 If your site is secure, having the information listed will not be a problem. Chris Link to comment Share on other sites More sharing options...
germ Posted February 4, 2011 Share Posted February 4, 2011 If you have a .htaccess protection of the admin (most likely renamed) folder, looking at the server_info.php file from within your administration back-end will list your .htaccess user and password in plain text. I dont know if this could be used in and malicious way, but you would be better off if you get rid of the server_info.php file. Any more opinions welcome. The flaw in this logic is that if you have .htaccess protection and they can get to server_info.php and display it, that means they can get to every other file in the admin as well. And just for "grins and giggles" mine shows the .htaccess username but NOT the password. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.