PhpDig.net

Go Back   PhpDig.net > PhpDig Forums > How-to Forum

Reply
 
Thread Tools
Old 02-24-2004, 09:02 AM   #1
rom
Green Mole
 
Join Date: Jan 2004
Posts: 25
security

I wanted to confirm that I have set-up security correctly on my site. My server runs Apache on Linux, not safe-mode enabled.

1. I have used htaccess on the admin directory for PhpDig and on the PhpMyAdmin directory, but isn't it possible for an unauthorized user to get access to the user name and password in the connect.php and config.php files in the includes directory? I have set the Chmod on the includes directory to 755.

2. Also, the documentation for PhpDig says that: "Password protected sites can be indexed giving to the robot a username and valid password.
Be Careful ! This feature could permit to an unauthorized user reading protected informations. We recommend to create a specific instance of PhpDig, protected by the same credentials as the restricted site. You have to create a special account for the robot too." Does this mean that someone can obtain the user name and password for my PhpMyAdmin directory?

Thanks very much.
rom is offline   Reply With Quote
Old 02-28-2004, 03:21 PM   #2
Charter
Head Mole
 
Charter's Avatar
 
Join Date: May 2003
Posts: 2,539
Hi. Let's assume that the server is secure and no files on your account have vulnerabilities. With these assumptions, there could be a remote possibility that a user on a shared account could access another account on the same machine, but this would depend on setup. The 777 permission of the includes directory is for using install.php, but once done, the directory can be 755 permission and install.php can be removed. The documentation refers to if you should happen to crawl a link like http://username:password@www.domain.com which would pass the userame and password in plain text.
__________________
Responses are offered on a voluntary if/as time is available basis, no guarantees. Double posting or bumping threads will not get your question answered any faster. No support via PM or email, responses not guaranteed. Thank you for your comprehension.
Charter is offline   Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Security issues Niele How-to Forum 1 04-25-2005 09:52 AM
Security Risk: allow_url_fopen = ON Rolandks Troubleshooting 0 10-07-2004 07:32 AM
got hacket, how? security hole? Killersushi Troubleshooting 2 07-12-2004 07:45 PM
How to solve :set_time_limit() has been disabled for security netall Troubleshooting 1 02-28-2004 04:12 PM
Newbie with a problem with the security code Mayday Troubleshooting 0 02-25-2004 03:27 PM


All times are GMT -8. The time now is 04:01 AM.


Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright © 2001 - 2005, ThinkDing LLC. All Rights Reserved.