HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

version 3.3 configuration file (644) and folder (755) permission

Hi there,

Has anyone tested setting the configuration file and folders to read and execute only?

I understand that the files and folders were writable for installation and setup.

But I think that once my installation is configured completely, I should be able to lock down file permissions. I don't allow users to upload images, only provide links to images.

I see how the configuration file changes during setup. But after I setup up my plugins, settings, etc, I don't believe I need to touch the config again unless something major changes.

So I'm about to test this but was checking to see if anyone else has tested this.

Cheers.

Comments

Sign In or Register to comment.