24 Jun
2006
24 Jun
'06
7:23 a.m.
Hi
In the default package there should be .htaccess files to prevent reading of .inc files. By default most Apache installations will allow reading of .inc files posing a security risk, so each directory containing these should have an htaccess file such as
Order allow,deny Deny from all
in the 'program' directory to prevent people from gaining access to database passwords in the configuration.
--
Colin Alston karnaugh@karnaugh.za.net
http://www.karnaugh.za.net/
"There have been hacker forums where, out of some misguided sense of
hyper-courtesy, participants are banned from posting any fault-finding
with another's posts, and told ''Don't say anything if you're
unwilling to help the user.'' The resulting departure of clueful
participants to elsewhere causes them to descend into meaningless
babble and become useless as technical forums." - Eric Steven Raymond