forum.coppermine-gallery.net
Support => Older/other versions => cpg1.1.X Support (standalone) => Topic started by: petardo on October 09, 2003, 09:04:55 am
-
Is it secured, and how, that my MySQL password in the config.inc.php file is not accessible by anyone other than me? What are the most secure chmod settings for the different files and directories so that the webpage is still fully functional? I don't want, for example, to let people directly browse my album directories; however, setting permissions lower than 777 hinders proper functioning.
-
Permissions depend on the server config of your webhost (especially if you're on safe_mode webspace), but as a rule of thumb: after install the script only needs read access to config.inc.php and no-one else.
Here's what you do:
Try setting permissions as minimalistic as possible, then test if your gallery still runs (remember to refresh the page - you wouldn't want to test with the cached version). If it doesn't, grant more access step by step.
The script needs read-only access (in the best case CHMOD to 400 or r--------) in:
/bridge (if you run 1.1.1)
/include
/sql
The user surfing your site needs access (in the best case CHMOD to 555 or r-xr-xr-x) in:
/images
/themes
The script needs write access, the user read access (in the best case CHMOD to 755 or rwxr-xr-x) in:
/albums
Hope this answers your question
GauGau
-
Thanks.
When you write "The script needs read-only access (in the best case CHMOD to 400 or r--------) in:
/bridge (if you run 1.1.1)
/include
/sql"
does it relate both to the folder and the files underneath?
Another question about the config.inc.php (because this file contains the password): If I browse to the URL .../include/config.inc.php, there is no prohibition but an empty page appears (since the server just executes the PHP script). Can I be sure that no one can read the content of that file by any method - that is, access my password?
-
does it relate both to the folder and the files underneath?
yes
Another question about the config.inc.php (because this file contains the password): If I browse to the URL .../include/config.inc.php, there is no prohibition but an empty page appears (since the server just executes the PHP script). Can I be sure that no one can read the content of that file by any method - that is, access my password?
I'm not a security specialist, but afaik your password should be safe with this method (at least this is the same method phpMyAdmin and most bbs use to keep their MySQL information - you have to keep it somewhere in a file). I agree that the best method would be to hide it outside the webroot; I'll give this some thought...
GauGau
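One way to check a gallery tree against the modes suggested in this thread while tightening permissions step by step, as an added example that is not part of the original posts or of Coppermine itself. The function names and the sample tree are made up here; it assumes a `stat` that supports `-c`, and it allows directories the search (x) bit next to each permitted read bit so they can still be entered.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes a Linux `stat` supporting -c.

# Ceiling suggested in the thread for each top-level gallery directory.
ceiling_for() {
    case "$1" in
        bridge|include|sql) echo 400 ;;   # script reads only
        images|themes)      echo 555 ;;   # visitors read
        albums)             echo 755 ;;   # script writes, visitors read
    esac
}

# audit_gallery_perms ROOT: prints "TOO-OPEN <mode> (max <limit>) <path>" for
# each offending file or directory; returns 1 if any were found, else 0.
audit_gallery_perms() {
    root=$1
    report=$(
        for sub in bridge include sql images themes albums; do
            [ -d "$root/$sub" ] || continue      # /bridge: 1.1.1 only
            max=$(ceiling_for "$sub")
            find "$root/$sub" \( -type f -o -type d \) -exec stat -c '%a %n' {} + |
            while read -r mode path; do
                limit=$(( 0$max ))
                # Assumption: a directory may carry the search (x) bit next to
                # each allowed read bit, otherwise it cannot be entered.
                if [ -d "$path" ]; then limit=$(( limit | ((limit & 0444) >> 2) )); fi
                if [ $(( 0$mode & ~limit )) -ne 0 ]; then
                    printf 'TOO-OPEN %s (max %o) %s\n' "$mode" "$limit" "$path"
                fi
            done
        done
    )
    [ -n "$report" ] || return 0
    printf '%s\n' "$report"
    return 1
}

# make_sample_tree: constructed layout with two deliberate problems.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/include" "$t/albums/userpics" "$t/themes"
    echo '<?php // constructed sample' > "$t/include/config.inc.php"
    chmod 644 "$t/include/config.inc.php"    # config readable by group/others
    chmod 777 "$t/albums/userpics"           # world-writable upload directory
    chmod 500 "$t/include"; chmod 755 "$t/albums"; chmod 555 "$t/themes"
    echo "$t"
}

if [ "$#" -gt 0 ]; then audit_gallery_perms "$1"; fi
```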