[wikka-community] wikka.config.php
mahefa randimbisoa
dotmg
Fri May 20 06:14:14 GMT 2011
Hi,
your browser (or wget) could request the document wikka.config.php, and
here's what will happen :
1) if you enabled mod_rewrite, the wikka engine considers this request as
for a Wiki document called wikka.config.php, and returns an html page saying
that the page doesn't exists. It is a valid page, but it doesn't contain any
of your sensitive data.
2) if you didn't enable mod_rewrite, PHP will process the file
wikka.config.php. There's no echo or print inside it, it would just like
processing a php script containing instructions like <?php $a = 0; $b = 1;
... It is again a valid page but it won't contain anything.
This is why the config file has the extension .php (and not .txt or .ini)
But if you can just download the content of file as it is, you have serious
problem with your apache configuration which, presumably, doesn't send .php
files to PHP.
--
Mahefa
"La razon es tediosa y aburrida...*utilizaremos la fuerza*"
(Los Pinguinos de Madagascar)
On Fri, May 20, 2011 at 8:18 AM, john francis lee <jfl at robinlea.com> wrote:
> Hi,
>
> I set up a test wikka, sometime ago actually, but now that wikka has
> utf-8 support in 1.3.1 I'm more excited again.
>
> But I have noticed that I can use wget to download the wikka.config.php
> file with no trouble. Of course it contains my data base password. How
> can this be secure? I must have set it up incorrectly, somehow, right?
>
> wikka.config.php is loated in the document root of my wikk site. Is
> this 'correct'?
>
> Thanks for your help.
>
> --
> "This message may have been intercepted and read by U.S. government
> agencies including the FBI, CIA, and NSA and/or the present government
> of Thailand without notice or warrant or knowledge of sender or
> recipient."
>
> John Francis Lee
> 246/3 Thanon Kaew Wai
> Mueang Chiangrai 57000
> Thailand
>
>
> _______________________________________________
> WikkaWiki Community mailing list
> community at wikkawiki.org
> http://mail.wikkawiki.org/mailman/listinfo/community_wikkawiki.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.wikkawiki.org/pipermail/community_wikkawiki.org/attachments/20110520/5ca4aff0/attachment.html>
More information about the community
mailing list