How are sensitive .php files protected? - Printable Version +- MyBB Community Forums (https://community.mybb.com) +-- Forum: 1.8 Support (https://community.mybb.com/forum-175.html) +--- Forum: General Support (https://community.mybb.com/forum-176.html) +--- Thread: How are sensitive .php files protected? (/thread-175807.html) |
How are sensitive .php files protected? - American - 2015-08-24 It didn't occur to me until today that sensitive php files such as config.php are, like all mybb files, are in a public directory. What prevents someone from just downloading config.php and getting my Admin CP PIN? When I go to inc/config.php on my site, it comes up as a blank page, but is this just my browser or is there really no way to download the files from the front end? I have not seen the answer to this in my search of the forums, probably because it is so obvious! Thanks. RE: How are sensitive .php files protected? - .m. - 2015-08-24 php files are not downloadable by general public (unless php is configured incorrectly by web host) RE: How are sensitive .php files protected? - American - 2015-08-24 (2015-08-24, 02:43 AM).m. Wrote: php files are not downloadable by general public (unless php is configured incorrectly by web host) Thanks. Can you explain how people are prevented from accessing/downloading/viewing php files? Also, how can I check to ensure that my web host does not have an incorrect configuration? RE: How are sensitive .php files protected? - .m. - 2015-08-24 IMO, there is no need to worry about it as php files are not sent directly to browsers. they are first executed by web server. you have already seen that config.php file is not accessible through your browser. yet, if you want to take precautions then please see Security Tutorials & search results on Google |