[Mediawiki-l] LocalSettings.php - Security for MW on SourceForge
Kate Turner
kate.turner at gmail.com
Tue Dec 21 05:26:55 UTC 2004
On Mon, 20 Dec 2004 23:45:55 -0500, gregwk <gregwk at vt.edu> wrote:
> That certainly sounds reasonable, but some web pages seem to indicate that
> some
> people have at least had success in restricting access to the
> LocalSettings.php file.
...
> "Increase Security
> The PHP files contain passwords, so let's restrict access:
> chmod 600 /home/bob/wiki.bobsdomain.com/wiki/*.php"
You can set the permissions of LocalSettings.php to whatever you want, as long
as the web server can read it; e.g. PHP must run as the UID that owns the file,
or an ACL must allow access from the web server, etc. On SF, all web
applications
run as the same user, so anything one script can read, every other script can -
no matter whether the permissions are 666 or 600 or anything else. There is
_no way_ to prevent other people from accessing it, because as far as the
permissions on LocalSettings.php are concerned, all scripts have
exactly the same
credentials.
So in a way, yes, SF is fundamentally different from some other places.
Kate.
More information about the MediaWiki-l
mailing list