[wp-trac] Re: [WordPress Trac] #1038: Limit access to php files
WordPress Trac
wp-trac at lists.automattic.com
Sun Mar 19 18:14:36 GMT 2006
#1038: Limit access to php files
-------------------------+--------------------------------------------------
Id: 1038 | Status: assigned
Component: Security | Modified: Sun Mar 19 18:14:36 2006
Severity: enhancement | Milestone: 2.1
Priority: low | Version: 1.5.2
Owner: matt | Reporter: anonymousbugger
-------------------------+--------------------------------------------------
Comment (by robmiller):
''I think there's no need for a patch, since a properly configured HTTP
server doesn't provide direct access to the PHP source code.''
It'd be nice to block access to wp-config.php "just in case"; if something
goes wrong with Apache and it stops parsing PHP files, someone could fetch
your config without you knowing. Sure, it's an unlikely thing but
considering the tiny amount of effort required to disallow access it seems
worth it.
--
Ticket URL: <http://trac.wordpress.org/ticket/1038>
WordPress Trac <http://wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list