Difference between revisions of "Moving sensitive files outside the web root"
From Joomla! Documentation
(→Symlinks defeat this.: new section) |
Realityking (talk | contribs) (→Discussion on the forum: new section) |
||
Line 14: | Line 14: | ||
I am a big fan of symlinks, but they are no substitute for not allowing access to the files in question. | I am a big fan of symlinks, but they are no substitute for not allowing access to the files in question. | ||
+ | |||
+ | == Discussion on the forum == | ||
+ | |||
+ | Moving the reference to the discussion on the forum over to this page. Thread on the forum: [http://forum.joomla.org/viewtopic.php?f=432&t=490901 forum topic] |
Revision as of 11:05, 4 April 2011
Using symlinks?
Can the same kind of security not be reached using a symlink on *nix systems? So you place the configuration.php above the webroot and place a symlink from the original position to the new place of the configuration.php?
Symlinks defeat this.[edit]
Normally, web servers will follow symlinks. (although this is configurable on most web servers.)
If you move files out of the web root and make a symlink to them the files are still readable by the world.
The advantage of moving read only files out of the web root and making a symbolic link to them is that it allows you to segment your auditing of your server, and allows things as simple as find -type f to locate all files to be audited after a suspected intrusion.
Further more, symlinks can cause certain attacks to fail as they are based on assumptions that are not true.
I am a big fan of symlinks, but they are no substitute for not allowing access to the files in question.
Discussion on the forum[edit]
Moving the reference to the discussion on the forum over to this page. Thread on the forum: forum topic