[wikka-community] wikka.config.php

john francis lee jfl
Fri May 20 09:15:42 GMT 2011


Thanks... I get the first possibility... I should have looked inside 
the file I wgot before leaping to conclusions.

Thanks.

On 05/20/2011 01:14:14 PM, mahefa randimbisoa wrote:
> Hi,
> 
> your browser (or wget) could request the document wikka.config.php,
> and here's what will happen :
> 
> 1) if you enabled mod_rewrite, the wikka engine considers this 
> request as for a Wiki document called wikka.config.php, and returns 
> an html page saying that the page doesn't exist. It is a valid 
> page, but it doesn't contain any of your sensitive data.
> 
> 2) if you didn't enable mod_rewrite, PHP will process the file
> wikka.config.php. There's no echo or print inside it, it would just
> be like processing a php script containing instructions like
> <?php $a = 0; $b = 1; ... It is again a valid page but it won't
> contain anything.
> 
> This is why the config file has the extension .php (and not .txt 
> or .ini)
> 
> But if you can just download the content of the file as it is, you
> have a serious problem with your apache configuration which,
> presumably, doesn't send .php files to PHP.
> 
> --
> Mahefa
> 
> "Reason is tedious and boring...*we will use force*"
> (The Penguins of Madagascar)
> 
> 
> 
> 
> On Fri, May 20, 2011 at 8:18 AM, john francis lee <jfl at robinlea.com>
> wrote:
> 
> > Hi,
> >
> > I set up a test wikka, sometime ago actually, but now that wikka has
> > utf-8 support in 1.3.1 I'm more excited again.
> >
> > But I have noticed that I can use wget to download the wikka.config.php
> > file with no trouble. Of course it contains my data base password. How
> > can this be secure? I must have set it up incorrectly, somehow, right?
> >
> > wikka.config.php is located in the document root of my wikka site. Is
> > this 'correct'?
> >
> > Thanks for your help.
> >
> > --
> > "This message may have been intercepted and read by U.S. government
> > agencies including the FBI, CIA, and NSA and/or the present government
> > of Thailand without notice or warrant or knowledge of sender or
> > recipient."
> >
> > John Francis Lee
> > 246/3 Thanon Kaew Wai
> > Mueang Chiangrai 57000
> > Thailand
> >
> >
> > _______________________________________________
> > WikkaWiki Community mailing list
> > community at wikkawiki.org
> > http://mail.wikkawiki.org/mailman/listinfo/community_wikkawiki.org
> >
> 
> 



-- 
"This message may have been intercepted and read by U.S. government 
agencies including the FBI, CIA, and NSA and/or the present government 
of Thailand without notice or warrant or knowledge of sender or 
recipient."

John Francis Lee
246/3 Thanon Kaew Wai
Mueang Chiangrai 57000
Thailand
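
The cases described in the quoted reply, turned into a check an administrator can run against their own site. This is an added example, not part of the original thread or of WikkaWiki's code; the result labels, the password-key pattern and the sample responses are constructed assumptions.

```python
import re
import urllib.error
import urllib.request

# "<?php" or "<?=" in the body means the source was served, not executed.
# An XHTML prolog ("<?xml ...") must not count as a leak.
PHP_SOURCE = re.compile(r"<\?php\b|<\?=", re.I)
# Assumed shape of a password entry in a PHP config array or assignment.
SECRET_HINT = re.compile(r"pass(word)?['\"]?\s*(=>|=)", re.I)

def classify_config_response(content_type, body):
    """Map a response for /wikka.config.php to one of the cases in the thread."""
    text = body.decode("utf-8", errors="replace") if isinstance(body, bytes) else body
    if PHP_SOURCE.search(text):
        # The web server is not handing .php files to PHP.
        return "LEAK_WITH_SECRET" if SECRET_HINT.search(text) else "LEAK_SOURCE"
    if not text.strip():
        # Case 2: PHP ran the file; it has no echo/print, so the body is empty.
        return "EXECUTED_EMPTY"
    if "html" in (content_type or "").lower():
        # Case 1: mod_rewrite routed the request to the wiki engine.
        return "WIKI_PAGE"
    return "UNKNOWN"

def fetch_and_classify(url):
    """Fetch the config URL of a site you administer and classify the reply."""
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return classify_config_response(resp.headers.get("Content-Type"), resp.read())
    except urllib.error.HTTPError as err:
        return classify_config_response(err.headers.get("Content-Type"), err.read())

# Constructed sample responses (not captured from any real server).
SAMPLES = {
    "raw_config": ("text/plain",
                   b"<?php\n$wakkaConfig = array(\n  'mysql_password' => 'CONSTRUCTED',\n);\n?>"),
    "raw_other": ("application/octet-stream", b"<?php $a = 0; $b = 1;"),
    "executed": ("text/html", b"\n"),
    "wiki_page": ("text/html; charset=utf-8",
                  b'<?xml version="1.0"?><html><body>This page does not exist.</body></html>'),
}

if __name__ == "__main__":
    for name, (ctype, body) in SAMPLES.items():
        print(f"{name:12s} -> {classify_config_response(ctype, body)}")
```

Either LEAK result means the password in the file should be treated as exposed and changed once the PHP handler is fixed.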




