Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

configure.php security


antonbartolo

Recommended Posts

Posted

my configure.php lies in the .../catalog/includes directory. The file is -rw-r--r-- and the two directories are drwxr-xr-x

 

Does this mean that anyone with bad intentions can go in and read my configure.php file?

 

The reason I worry is that the file contains values for:

DB_SERVER

DB_SERVER_USERNAME

DB_SERVER_PASSWORD

DB_DATABASE

 

In other words, if somebody reads it he/she will have full access to my database to do with it whatever they want.

 

If my worrying is correct, is there a way to prevent this. I have not managed to find anything on this in any forum.

 

Anton

Posted

hi,

The includes directory has a .htaccess anyhow, if you try to link to it through http it will give you a error, it is just a safe guard. there are some who could get to it but most people do not know how if you chmod it to 644 or if windows to read only this will protect it.

Sometimes you're the dog and sometimes the lamp post

[/url]

My Contributions

Posted
... there are some who could get to it ....

Now that worries me even more!

 

But I guess I'm just being paranoid! After all, who would want to get into my configure.php, find the info to access my database and go in and read all the data there, possibly changing some of it so that I'm suddenly selling Jonny Wilkinson posters at 1p a piece!

 

Anton

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...