This might be of interest.
"Consider moving the database password or other potentially sensitive data from LocalSettings.php to another file located outside of the web document root, and include()ing that file from LocalSettings.php. This can help to ensure that your database password will not be compromised if a web server configuration error disables PHP execution and reveals the file's source text."
http://meta.wikimedia.org/wiki/Documentation:Security#Alternate_file_layout
-----Original Message----- From: Rob Church [mailto:robchur@gmail.com] Sent: Monday, May 08, 2006 9:52 AM To: MediaWiki announcements and site admin list Subject: Re: [Mediawiki-l] Security issues with directories
On 08/05/06, Tels nospam-abuse@bloodgate.com wrote:
Moin,
On Monday 08 May 2006 00:58, Rick DeNatale wrote:
On 5/6/06, Brion Vibber brion@pobox.com wrote:
Note that MediaWiki is open source, so there's little benefit to "seeing" these files. ;)
Well there are some things in LocalSettings.php (e.g. MySql config stuff) that I might not want others to see.
When using Apache, add a .htaccess file with the contents:
Deny from all
Yes, a .htaccess in the wiki root with that in will stop it being used. Meanwhile, MediaWiki should come with some such files in specific directories, e.g. includes and maintenance.
Rob Church _______________________________________________ MediaWiki-l mailing list MediaWiki-l@Wikimedia.org http://mail.wikipedia.org/mailman/listinfo/mediawiki-l