2015-08-24, 02:13 AM
(This post was last modified: 2015-08-24, 02:14 AM by American.
Edit Reason: grammar
)
It didn't occur to me until today that sensitive php files such as config.php are, like all mybb files, are in a public directory. What prevents someone from just downloading config.php and getting my Admin CP PIN? When I go to inc/config.php on my site, it comes up as a blank page, but is this just my browser or is there really no way to download the files from the front end? I have not seen the answer to this in my search of the forums, probably because it is so obvious! Thanks.