More Secure Config?
Posted: Wed Mar 14, 2018 11:57 pm
I have a site that contains a MediaWiki, and one of the things they suggest when it comes to their LocalSettings.php (similar to s9y's serendipity_config_local.inc.php) to make it a little more secure is to create a separate PHP file outside of the webroot with the database connection settings and call to it with a require_once.
Is that something that might be a good idea for s9y? Would it be possible to do it as the code currently stands?
What are your thoughts?
(Here's a link to their suggestion: https://www.mediawiki.org/wiki/Manual:S ... _passwords )
EDIT: I do see that in the .htaccess, there is a denial to all requests for .inc.php. That protects the file, but I just wonder if the above practice would be just as effective, more effective, or less. I guess this is just an invitation to a broader discussion of "best practice" or preference...
Is that something that might be a good idea for s9y? Would it be possible to do it as the code currently stands?
What are your thoughts?
(Here's a link to their suggestion: https://www.mediawiki.org/wiki/Manual:S ... _passwords )
EDIT: I do see that in the .htaccess, there is a denial to all requests for .inc.php. That protects the file, but I just wonder if the above practice would be just as effective, more effective, or less. I guess this is just an invitation to a broader discussion of "best practice" or preference...