PHP conf file permissions -
having strtucture in php proyect:
htdocs/ project_name/ conf/ db_info.xml html/ index.php
index.php reading db_info.xml
the owner , group of project , user created it.
document_root htdocs/project_name/html/
is insecure set 644 file db info , credentials (db_info.xml)?
read permision security issue or let folder named 'conf' out of document_root shouldn't problem?
i think don't need give read permission user, don't give them.
read permision security issue or let folder named 'conf' out of document_root shouldn't problem?
this must, if not can read databse if file has got 644 permission.
using .xml "database" it's not best security solution anyway, use solution if can't else. remember use strong hashing algorithm (bcrypt or argon2) salt
Comments
Post a Comment