[wikka-community] wikka.config.php
john francis lee
jfl
Fri May 20 09:15:42 GMT 2011
Thanks... I get the first possibility... I should have looked inside
the file I wgot before leaping to conclusions.
Thanks.
On 05/20/2011 01:14:14 PM, mahefa randimbisoa wrote:
> Hi,
>
> your browser (or wget) could request the document wikka.config.php,
> and here's what will happen :
>
> 1) if you enabled mod_rewrite, the wikka engine considers this
> request as for a Wiki document called wikka.config.php, and returns
> an html page saying that the page doesn't exists. It is a valid
> page, but it doesn't contain any of your sensitive data.
>
> 2) if you didn't enable mod_rewrite, PHP will process the file
> wikka.config.php. There's no echo or print inside it, it would just
> like processing a php script containing instructions like <?php $a =
> 0; $b = 1; ... It is again a valid page but it won't contain
> anything.
>
> This is why the config file has the extension .php (and not .txt
> or .ini)
>
> But if you can just download the content of file as it is, you have
> serious problem with your apache configuration which, presumably,
> doesn't send .php files to PHP.
>
> --
> Mahefa
>
> "La razon es tediosa y aburrida...*utilizaremos la fuerza*"
> (Los Pinguinos de Madagascar)
>
>
>
>
> On Fri, May 20, 2011 at 8:18 AM, john francis lee <jfl at robinlea.com>
> wrote:
>
> > Hi,
> >
> > I set up a test wikka, sometime ago actually, but now that wikka
> has
> > utf-8 support in 1.3.1 I'm more excited again.
> >
> > But I have noticed that I can use wget to download the
> wikka.config.php
> > file with no trouble. Of course it contains my data base password.
> How
> > can this be secure? I must have set it up incorrectly, somehow,
> right?
> >
> > wikka.config.php is loated in the document root of my wikk site. Is
> > this 'correct'?
> >
> > Thanks for your help.
> >
> > --
> > "This message may have been intercepted and read by U.S. government
> > agencies including the FBI, CIA, and NSA and/or the present
> government
> > of Thailand without notice or warrant or knowledge of sender or
> > recipient."
> >
> > John Francis Lee
> > 246/3 Thanon Kaew Wai
> > Mueang Chiangrai 57000
> > Thailand
> >
> >
> > _______________________________________________
> > WikkaWiki Community mailing list
> > community at wikkawiki.org
> > http://mail.wikkawiki.org/mailman/listinfo/community_wikkawiki.org
> >
>
>
------quoted attachment------
> _______________________________________________
> WikkaWiki Community mailing list
> community at wikkawiki.org
> http://mail.wikkawiki.org/mailman/listinfo/community_wikkawiki.org
>
>
--
"This message may have been intercepted and read by U.S. government
agencies including the FBI, CIA, and NSA and/or the present government
of Thailand without notice or warrant or knowledge of sender or
recipient."
John Francis Lee
246/3 Thanon Kaew Wai
Mueang Chiangrai 57000
Thailand
More information about the community
mailing list