rom
02-24-2004, 09:02 AM
I wanted to confirm that I have set-up security correctly on my site. My server runs Apache on Linux, not safe-mode enabled.
1. I have used htaccess on the admin directory for PhpDig and on the PhpMyAdmin directory, but isn't it possible for an unauthorized user to get access to the user name and password in the connect.php and config.php files in the includes directory? I have set the Chmod on the includes directory to 755.
2. Also, the documentation for PhpDig says that: "Password protected sites can be indexed giving to the robot a username and valid password.
Be Careful ! This feature could permit to an unauthorized user reading protected informations. We recommend to create a specific instance of PhpDig, protected by the same credentials as the restricted site. You have to create a special account for the robot too." Does this mean that someone can obtain the user name and password for my PhpMyAdmin directory?
Thanks very much.
:confused:
1. I have used htaccess on the admin directory for PhpDig and on the PhpMyAdmin directory, but isn't it possible for an unauthorized user to get access to the user name and password in the connect.php and config.php files in the includes directory? I have set the Chmod on the includes directory to 755.
2. Also, the documentation for PhpDig says that: "Password protected sites can be indexed giving to the robot a username and valid password.
Be Careful ! This feature could permit to an unauthorized user reading protected informations. We recommend to create a specific instance of PhpDig, protected by the same credentials as the restricted site. You have to create a special account for the robot too." Does this mean that someone can obtain the user name and password for my PhpMyAdmin directory?
Thanks very much.
:confused: