It didn't occur to me until today that sensitive php files such as config.php are, like all mybb files, are in a public directory. What prevents someone from just downloading config.php and getting my Admin CP PIN? When I go to inc/config.php on my site, it comes up as a blank page, but is this just my browser or is there really no way to download the files from the front end? I have not seen the answer to this in my search of the forums, probably because it is so obvious! Thanks.
php files are not downloadable by general public (unless php is configured incorrectly by web host)
(2015-08-24, 02:43 AM).m. Wrote: [ -> ]php files are not downloadable by general public (unless php is configured incorrectly by web host)
Thanks. Can you explain how people are prevented from accessing/downloading/viewing php files? Also, how can I check to ensure that my web host does not have an incorrect configuration?
IMO, there is no need to worry about it as
php files are not sent directly to browsers. they are first executed by web server.
you have already seen that
config.php file is not accessible through your browser.
yet, if you want to take precautions then please see
Security Tutorials &
search results on Google