security for database password

fordjango · July 02, 2011, 09:09:12 AM

SMF put the database password in a file in the same directory as index.php of the server and I cannot use an htaccess file to protect this directory as it ask the visitors for user/passw.

Why this file (settings.php) is not for instance in the sources directory where htaccess can work without asking to visitors to have a user/passw question?

Is this question of the password protection a real threat or my solution a bad one?

django

Illori · July 02, 2011, 09:16:09 AM

settings.php can not be called by your browser and read so there should be no security risk involved, unless someone has gotten access to your forum files. you also should not need to set a username/password on the sources folder there are settings on each file to not allow it to be called and read in the browser.

fordjango · July 02, 2011, 03:54:29 PM

Thank you for your prompt reply !

I hope you're right

django

Illori · July 02, 2011, 04:13:54 PM

try it yourself

News:

security for database password

fordjango

Illori

fordjango

Illori