Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

MySQL password and configure.php


sfatula

Recommended Posts

Ok, for those people on a shared host, the configure.php file has in it the user name and password for your database. So, the simple question is - Using OSC, how can you hide it? Yes, you can stop WEB users from accessing the file, but, what's to stop another user on the same host from simply going into the file and reading it since it is world readable?

Steve

Link to comment
Share on other sites

Ok, and those permissions would be.... Since Apache runs as www, and www would be other, and if you set the directory to 770, this means apache can not access the pages.

Steve

Link to comment
Share on other sites

Let me rephrase that... :P

 

If they have apache configured properly through the htaccess and httpd.conf files. I am by no means an apache expert though so I am not familar with what settings need to be. Basically the permissions are there to allow people to see it, but through the configuration settings they are unable to see or browse.

 

One way to test this is to use an ftp program and see how high up the directory tree you can go. If you can see other people's directories on your hosts server and read the files there, then they have configured something wrong. You should not be able to do that.

 

Try searching the web for apache docs or httpd.conf and htaccess. You will probably be able to get a better answer there.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...