Need Help protecting configuration.php - Joomla! Forum - community, help and support
hi,
Newb question:
I found one of the threads on securing a Joomla website:
http://forum.joomla.org/viewtopic.php?f=432&t=391251&p=1788498&hilit=htaccess#p1788498
I am stuck on #5: protect the configuration file. It's configuration.php, containing the MySQL information, which someone could use to remove the database or disable the site.
So I read it, and it says to put the configuration.php file outside of the public_html folder, and to put this code:
Code:
<?php
// Load the real settings from the file one directory above this one.
require( dirname( __FILE__ ) . '/../joomla.conf' );
?>
where the old configuration file was.
Here is the problem I am having. On Network Solutions, the root has 2 directories:
1. cgi_bin
2. htdocs
My Joomla site is located in the htdocs dir. I unzipped it inside of the htdocs dir. When I try to go to the root and try to create a new directory, it does not give me permission. Is there something I am missing here?
Pls help a newb.
Bora
I haven't read that particular thread, but I feel that doing this is unnecessary and not recommended. Here are a few reasons why -
1. A ".php" file cannot be viewed via HTTP. Only FTP or other access requiring authorization can examine the contents of a PHP file (unless error handling exposes the code on errors).
2. A file with a ".conf" extension, unlike ".php", is treated as a text file and can be examined via HTTP if the viewer can access the folder.
3. Sites backed up via a process that copies a zip file to a sub folder of the domain can be accessed via HTTP (i.e.: /backups/), exposing the .conf file to public access.
4. Though many do, it is possible that a host does not allow uploads above the htdocs folder, making this item impossible.
5. I can envision problems with extensions expecting to find the normal config file.
6. Joomla uses an excellent security team, and if they felt this was the way to do things, it would be the default.
I could come up with more, but I have only had 1 pot of coffee so far this morning! :-)
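An added example (not from either post, and not Joomla's own code): a Python check for the two exposure paths raised in points 2 and 3 of the reply, a non-.php config file sitting inside the document root and a backup zip under the document root that contains the config. The function names, finding codes and the htdocs/backups layout are assumptions made for illustration.

```python
import os
import tempfile
import zipfile

# Assumption: the two config file names mentioned in this thread.
CONFIG_NAMES = {"configuration.php", "joomla.conf"}

def inside(path, root):
    """True if path resolves (symlinks followed) to a location under root."""
    path, root = os.path.realpath(path), os.path.realpath(root)
    return os.path.commonpath([path, root]) == root

def audit(docroot, config_path):
    """Return (code, path) findings for ways the config is reachable over HTTP."""
    findings = []
    # Reply point 2: a non-.php file under the docroot is typically served as text.
    ext = os.path.splitext(config_path)[1].lower()
    if inside(config_path, docroot) and ext != ".php":
        findings.append(("TEXT_CONFIG_IN_DOCROOT", config_path))
    # Reply point 3: backup archives under the docroot that carry the config.
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            full = os.path.join(dirpath, name)
            if not zipfile.is_zipfile(full):
                continue
            with zipfile.ZipFile(full) as zf:
                members = {os.path.basename(m) for m in zf.namelist()}
            if members & CONFIG_NAMES:
                findings.append(("CONFIG_IN_BACKUP", full))
    return findings

if __name__ == "__main__":
    # Constructed layout mirroring the thread: <root>/htdocs plus a /backups/ zip.
    with tempfile.TemporaryDirectory() as root:
        docroot = os.path.join(root, "htdocs")
        os.makedirs(os.path.join(docroot, "backups"))
        conf = os.path.join(root, "joomla.conf")  # above htdocs, as in step #5
        with open(conf, "w") as fh:
            fh.write("<?php /* constructed sample */ ?>")
        with zipfile.ZipFile(os.path.join(docroot, "backups", "site.zip"), "w") as zf:
            zf.write(conf, "joomla.conf")
        for code, path in audit(docroot, conf):
            print(code, os.path.relpath(path, root))
```
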