Not Solved How are sensitive .php files protected?
#1
Not Solved
It didn't occur to me until today that sensitive php files such as config.php are, like all mybb files, are in a public directory. What prevents someone from just downloading config.php and getting my Admin CP PIN? When I go to inc/config.php on my site, it comes up as a blank page, but is this just my browser or is there really no way to download the files from the front end? I have not seen the answer to this in my search of the forums, probably because it is so obvious! Thanks.
Reply
#2
Not Solved
php files are not downloadable by general public (unless php is configured incorrectly by web host)
Reply
#3
Not Solved
(2015-08-24, 02:43 AM).m. Wrote: php files are not downloadable by general public (unless php is configured incorrectly by web host)

Thanks. Can you explain how people are prevented from accessing/downloading/viewing php files? Also, how can I check to ensure that my web host does not have an incorrect configuration?
Reply
#4
Not Solved
IMO, there is no need to worry about it as php files are not sent directly to browsers. they are first executed by web server.

you have already seen that config.php file is not accessible through your browser.

yet, if you want to take precautions then please see Security Tutorials & search results on Google
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)