Find the answer to your Linux question:
Results 1 to 2 of 2
iv'e noticed that my phpbb2 forum config.php file with access username and password to mysql database can be viewed by everyone who has a shell account in my server. how ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Mar 2005
    Posts
    1

    phpbb2 config.php vulnerability


    iv'e noticed that my phpbb2 forum config.php file with access username and password to mysql database can be viewed by everyone who has a shell account in my server.

    how do i hide password or limit the access to config.php ?
    when i change rights for global access forum just stops working...

  2. #2
    Linux Guru
    Join Date
    Apr 2003
    Location
    London, UK
    Posts
    3,284
    Ultimatly there is very little you can do to stop people reading that file.

    You could chroot their ssh session which would stop them reading it from the shell.

    However.. if they have webspace on your server then be aware they would still be able to write a php/perl script which could read your config.php if they knew its path.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •