config.php

Cyril · 2010-05-23 10:42

Cyril
Junior Member
Offline

Registered: 2010-05-23
Posts: 5

Topic: config.php

Hi,

config.php must be on the root ?
I can't delete this file ?
Password, data base name etc are visible here, it's unbelievable !

Thanks,
Cyril

Cyril · 2010-05-23 13:41

Cyril
Junior Member
Offline

Registered: 2010-05-23
Posts: 5

Re: config.php

In fact, my question is :
Is the security good for PunBB ?
It seems very low and nonexistent security. (config.php and install.php)
And if I remove this files, the forum not works.
I'm right ?

Ole Juul · 2010-05-23 21:51

Ole Juul
Senior Member
Offline

From: Coalmont, BC, Canada
Registered: 2010-04-15
Posts: 129

Re: config.php

Security is always an interesting question. The config.php file puzzles me too. Of course one has to be logged in to see it. Have you tried changing permissions? Mine are -rw-r--r-- Hopefully someone who knows will speak to this soon.

The install.php file is not needed. I just deleted mine.

Cyril · 2010-05-24 09:21

Cyril
Junior Member
Offline

Registered: 2010-05-23
Posts: 5

Re: config.php

Thanks,

I try to download config.php from an external link and the file downloaded is 0 octet,
so the file seems protected, but it's little strange
Normally the config.php can be remove.

You are right install.php is not needed

Slavok · 2010-05-24 09:58

Slavok
PunBB Developer
Offline

From: Russia
Registered: 2008-06-11
Posts: 1,238

Re: config.php

Cyril wrote:

In fact, my question is :
Is the security good for PunBB ?
It seems very low and nonexistent security. (config.php and install.php)
And if I remove this files, the forum not works.
I'm right ?

How can the placement of config.php in the forum root imply unsafety?

Cyril · 2010-05-24 10:23

Cyril
Junior Member
Offline

Registered: 2010-05-23
Posts: 5

Re: config.php

Slavok wrote:

Cyril wrote:
In fact, my question is :
Is the security good for PunBB ?
It seems very low and nonexistent security. (config.php and install.php)
And if I remove this files, the forum not works.
I'm right ?
How can the placement of config.php in the forum root imply unsafety?

No, it's no the reason, but the file is not protected (no encrypt) : I think it's a bit low for a good protect

Slavok · 2010-05-24 12:01

Slavok
PunBB Developer
Offline

From: Russia
Registered: 2008-06-11
Posts: 1,238

Re: config.php

Perhaps this topic will help you.

Cyril · 2010-05-24 14:12

Cyril
Junior Member
Offline

Registered: 2010-05-23
Posts: 5

Re: config.php

Slavok wrote:

Perhaps this topic will help you.

Thank you very much, it helps me

Ole Juul · 2010-05-24 21:49

Ole Juul
Senior Member
Offline

From: Coalmont, BC, Canada
Registered: 2010-04-15
Posts: 129

Re: config.php

Thanks for the link Slavok.

I guess what other sites do would be an indication of how safe this configuration is, so I just looked at a current WordPress installation. I can see that they do the same there. The database name and password etc are completely clear to anyone who has access to the file. One can only hope that the server limits access, and indeed that should be the case.

config.php

Posts: 9

1 Topic by Cyril 2010-05-23 10:42

Topic: config.php

2 Reply by Cyril 2010-05-23 13:41

Re: config.php

3 Reply by Ole Juul 2010-05-23 21:51

Re: config.php

4 Reply by Cyril 2010-05-24 09:21

Re: config.php

5 Reply by Slavok 2010-05-24 09:58

Re: config.php

6 Reply by Cyril 2010-05-24 10:23

Re: config.php

7 Reply by Slavok 2010-05-24 12:01

Re: config.php

8 Reply by Cyril 2010-05-24 14:12

Re: config.php

9 Reply by Ole Juul 2010-05-24 21:49

Re: config.php

Posts: 9