[wp-trac] Re: [WordPress Trac] #1038: Limit access to php files

WordPress Trac wp-trac at lists.automattic.com
Sun Mar 19 18:14:36 GMT 2006


#1038: Limit access to php files
-------------------------+--------------------------------------------------
       Id:  1038         |      Status:  assigned                
Component:  Security     |    Modified:  Sun Mar 19 18:14:36 2006
 Severity:  enhancement  |   Milestone:  2.1                     
 Priority:  low          |     Version:  1.5.2                   
    Owner:  matt         |    Reporter:  anonymousbugger         
-------------------------+--------------------------------------------------
Comment (by robmiller):

 ''I think there's no need for a patch, since a properly configured HTTP
 server doesn't provide direct access to the PHP source code.''

 It'd be nice to block access to wp-config.php "just in case"; if something
 goes wrong with Apache and it stops parsing PHP files, someone could fetch
 your config without you knowing. Sure, it's an unlikely thing but
 considering the tiny amount of effort required to disallow access it seems
 worth it.

-- 
Ticket URL: <http://trac.wordpress.org/ticket/1038>
WordPress Trac <http://wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list