SMF put the database password in a file in the same directory as index.php of the server and I cannot use an htaccess file to protect this directory as it ask the visitors for user/passw.
Why this file (settings.php) is not for instance in the sources directory where htaccess can work without asking to visitors to have a user/passw question?
Is this question of the password protection a real threat or my solution a bad one?
django
settings.php can not be called by your browser and read so there should be no security risk involved, unless someone has gotten access to your forum files. you also should not need to set a username/password on the sources folder there are settings on each file to not allow it to be called and read in the browser.
Thank you for your prompt reply !
I hope you're right
django
try it yourself