| Author |
Message |
![[Post New]](/forum/templates/html/images/icon_minipost_new.gif) 12/06/2005 16:33:09
|
akira
Beginner
Joined: 04/06/2005 04:53:41
Messages: 28
Offline
|
I am a bit concerned whether there is any way to protect the MySQL database password found in config.inc.php in admin folder. Since the password is not encrypted, anyone can just download the file and access the database.
Any solution for this.
Please advice and thanks in advance.
|
|
|
12/06/2005 18:25:10
|
Carbonize
Master
![[Avatar]](/forum/images/avatar/96871336492d73e733f55.jpg)
Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline
|
Nobody can "just download the file" as you put it. Firstly any .php files are passed to the PHP processor which then send on ANY results from the PHP script. As there are no results returned from the config file they receive nothing.
Also you should have a .htaccess file in there saying deny from all which tells the server to not allow outside access to that folder.
|
Carbonize
I am not the maker of the Advanced Guestbook
get Lazarus |
|
|
13/06/2005 11:56:09
|
akira
Beginner
Joined: 04/06/2005 04:53:41
Messages: 28
Offline
|
OK, thanks for the tips
my htaccess set as follow, is it OK?
Please advice and thanks in advance
|
|
|
13/06/2005 15:10:00
|
Carbonize
Master
Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline
|
The .htaccess that comes with the guestbook should be fine.
|
Carbonize
I am not the maker of the Advanced Guestbook
get Lazarus |
|
|
13/06/2005 15:14:30
|
akira
Beginner
Joined: 04/06/2005 04:53:41
Messages: 28
Offline
|
oh, what you mean is to add "Deny from all" in htaccess file in guestbook folder.
Currently, the htaccess in guestbook is "Option All-Indexes".
Should I change it to this :
Please advice. Sorry for asking so many coz I'm really new to this.
|
|
|
13/06/2005 15:33:48
|
Carbonize
Master
Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline
|
The .htaccess I have in my guestbooks admin folder just says
|
Carbonize
I am not the maker of the Advanced Guestbook
get Lazarus |
|
|
13/06/2005 15:36:34
|
akira
Beginner
Joined: 04/06/2005 04:53:41
Messages: 28
Offline
|
thank you very much.
So I just change the htaccess in guestbook/admin instead of the one in guestbook folder.
Thanks again
|
|
|
13/06/2005 15:39:05
|
akira
Beginner
Joined: 04/06/2005 04:53:41
Messages: 28
Offline
|
Sorry,
I just check the guestbook/admin folder and found no htaccess in it. Should I add one into it?
Sorry for asking such a dumb question coz I dont want to mess up this nice script.
Thanks in advance
|
|
|
13/06/2005 15:45:33
|
Carbonize
Master
Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline
|
I would with just deny from all
|
Carbonize
I am not the maker of the Advanced Guestbook
get Lazarus |
|
|
|
|
![[Search]](/forum/templates/html/images/icon_mini_search.gif){kind=icon}
![[Hottest Topics]](/forum/templates/html/images/icon_mini_recentTopics.gif){kind=icon}
![[Members]](/forum/templates/html/images/icon_mini_members.gif){kind=icon}
![[FAQ]](/forum/templates/html/images/icon_mini_faq.gif){kind=icon}
![[Register]](/forum/templates/html/images/icon_mini_register.gif){kind=icon}
Register![[Login]](/forum/templates/html/images/icon_mini_login.gif){kind=icon}
Login
![[Up]](/forum/templates/html/images/icon_up.gif){kind=icon}
![[Email]](/forum/templates/html/images/icon_email.gif){kind=icon}
![[WWW]](/forum/templates/html/images/icon_www.gif){kind=icon}
![[Yahoo!]](/forum/templates/html/images/icon_yim.gif){kind=icon}
![[MSN]](/forum/templates/html/images/icon_msnm.gif){kind=icon}
![[ICQ]](/forum/templates/html/images/icon_icq_add.gif){kind=icon}