Not signed in (Sign In)

Vanilla 1.1.10 is a product of Lussumo. More Information: Documentation, Community Support.

    • CommentAuthorrejeep
    • CommentTimeNov 20th 2007
     
    Hi!

    Just installed Plogger. What a nice gallery I must say. Thanks for that.

    I would like to give a security flaw heads-up. You have probably thought about it already though. The file plog-config.php has access rights "-rw-r--r--" where I'm both the owner and group. This means that everyone on my server can view my MySQL password in that file. I found a solution (for me) that isn't flawless but it's better then the existing. Set access right to "-rw-r-----" and change the group to the webserver. This worked in my case since none of my users are in the group "apache".

    There might be (and there probably is) a better solution to this (haven't given it a lot of though). But at least I think there a little bit more secure my way.

    Thanks for a totaly neat gallery! ;)

    // Johan