Topic: chmod config.php
I really like to get some things straight.
The config.php has to be chmod 644 ?
That means that all users can view the file and see the database username and pass?
Why does it have to be like that??
Re: chmod config.php
Err, that doesn't mean I can go to www.yoursite.com/config.php in a browser and see the file
If it does mean that (I really don't know what the different chmod numericals mean), then it means that someone would have to have some level of access to the server to read it.
The issue (I believe) is that Apache runs as a different user than, say, you when you upload things to the server via FTP or SFTP. Thus, you can't chmod it such that only your user can read it. If your server is set up in such a way, then chmodding it so only you can read it is what you should do.
But remember, the reason the file has to be readable is so PunBB knows what the database info is. It's the same for every other piece of PHP software I've seen
Re: chmod config.php
If you're running PHP as a CGI (like Dreamhost allows you to) the config.php doesn't need to be readable by anyone else.
Re: chmod config.php
And config.php doesn't HAVE TO be 644. The only requirement is that the webserver user (e.g. httpd or nobody or something similar) can read it.
"Programming is like sex: one mistake and you have to support it for the rest of your life."
Re: chmod config.php
Yea, I checked the ownership on the config.php. It was owned by a different user than apache uses to run. I now use the same user and have a chmod of 600 on the config.php!! thanx!