Moving sensitive files outside the web root
Can the same kind of security not be reached using a symlink on *nix systems? So you place the configuration.php above the webroot and place a symlink from the original position to the new place of the configuration.php?
Normally, web servers will follow symlinks. (although this is configurable on most web servers.)
If you move files out of the web root and make a symlink to them the files are still readable by the world.
The advantage of moving read only files out of the web root and making a symbolic link to them is that it allows you to segment your auditing of your server, and allows things as simple as find -type f to locate all files to be audited after a suspected intrusion.
Further more, symlinks can cause certain attacks to fail as they are based on assumptions that are not true.
I am a big fan of symlinks, but they are no substitute for not allowing access to the files in question.
Discussion on the forum
Moving the reference to the discussion on the forum over to this page. Thread on the forum: forum topic
This page should probably be moved.
As the page notice indicates, the security information on this page is generally accepted by the security moderators as no longer relevant and provides no additional or very minimal additional security to a website. This page currently remains for historical purposes and should either be deleted, removed from the multiple categories it currently resides in and moved into the new security area.
- Hi Phil, If I'm understanding you right, strip all categories and use a new one called Category:Security Archives. Then update the Security page to show archived security articles in a new box or DPL'd from the category. Tom Hutchison (talk) 07:43, 15 November 2012 (CST)
The page archive looks good.