Just curious, the config.php files contains database password, why we default it to be readable worldwide? (644?)
Thanks
Just to give some more context, using this: https://stackoverflow.com/questions/777 ... running-as
I found out in my hosting service, php is running as the same user name as the OC files owner. So I set both config.php file to be 400, and it seems working fine for me (I believe actually I can set all the OC files to be 400). Curious if there is any comments. (should we set it as default for any new OC installations?) Thanks!
I found out in my hosting service, php is running as the same user name as the OC files owner. So I set both config.php file to be 400, and it seems working fine for me (I believe actually I can set all the OC files to be 400). Curious if there is any comments. (should we set it as default for any new OC installations?) Thanks!
The files aren't readable via the web, so there's no real security issue here. For example:
https://demo.opencart.com/config.php
You're certainly fine to change the permissions on them so they can't be read or edited via FTP, though that generally shouldn't be required.
https://demo.opencart.com/config.php
You're certainly fine to change the permissions on them so they can't be read or edited via FTP, though that generally shouldn't be required.
Who is online
Users browsing this forum: No registered users and 12 guests
