PHP conf file permissions -


having strtucture in php proyect:

htdocs/     project_name/     conf/         db_info.xml     html/         index.php 

index.php reading db_info.xml

the owner , group of project , user created it.

document_root htdocs/project_name/html/

is insecure set 644 file db info , credentials (db_info.xml)?

read permision security issue or let folder named 'conf' out of document_root shouldn't problem?

i think don't need give read permission user, don't give them.

read permision security issue or let folder named 'conf' out of document_root shouldn't problem?

this must, if not can read databse if file has got 644 permission.

using .xml "database" it's not best security solution anyway, use solution if can't else. remember use strong hashing algorithm (bcrypt or argon2) salt


Comments

Popular posts from this blog

php - Vagrant up error - Uncaught Reflection Exception: Class DOMDocument does not exist -

vue.js - Create hooks for automated testing -

Add new key value to json node in java -