Post by koc2018 » Wed Dec 26, 2018 2:35 am

Just curious, the config.php files contains database password, why we default it to be readable worldwide? (644?)

Thanks

New member

Posts

Joined
Mon Oct 01, 2018 1:45 pm

Post by koc2018 » Wed Dec 26, 2018 2:41 am

Just to give some more context, using this: https://stackoverflow.com/questions/777 ... running-as
I found out in my hosting service, php is running as the same user name as the OC files owner. So I set both config.php file to be 400, and it seems working fine for me (I believe actually I can set all the OC files to be 400). Curious if there is any comments. (should we set it as default for any new OC installations?) Thanks!

New member

Posts

Joined
Mon Oct 01, 2018 1:45 pm

Post by Johnathan » Thu Dec 27, 2018 11:21 pm

The files aren't readable via the web, so there's no real security issue here. For example:

https://demo.opencart.com/config.php

You're certainly fine to change the permissions on them so they can't be read or edited via FTP, though that generally shouldn't be required.

Image
Image Image Image Image


User avatar
Global Moderator

Posts

Joined
Fri Dec 18, 2009 3:08 am

Who is online

Users browsing this forum: No registered users and 1 guest