version 3.3 configuration file (644) and folder (755) permission
Has anyone tested setting the configuration file and folders to read and execute only?
I understand that the files and folders were writable for installation and setup.
But I think that once my installation is configured completely, I should be able to lock down file permissions. I don't allow users to upload images, only provide links to images.
I see how the configuration file changes during setup. But after I set up my plugins, settings, etc., I don't believe I need to touch the config again unless something major changes.
So I'm about to test this but was checking to see if anyone else has tested this.
Yes, making the /conf directory read-only works perfectly fine. You just have to unlock it every time you want to change settings in the dashboard.
I don't allow users to upload images, only provide links to images.
This should not be done using folder permissions. Set the file upload permissions for users instead.
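The lock and unlock routine described in the reply above, as an added example that is not part of the original thread. The locked modes (555 for folders, 444 for files) are an assumed reading of "read and execute only", the unlocked modes are the 755/644 from the thread title, and the function names and the path in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Usage (the path is an assumption; point it at your own install):
#   lock_conf /var/www/forum/conf      # after setup is finished
#   unlock_conf /var/www/forum/conf    # before changing dashboard settings
#   writable_entries /var/www/forum/conf

# Remove every write bit: folders become 555, files 444.
lock_conf() {
    find "$1" -type d -exec chmod 555 {} + &&
    find "$1" -type f -exec chmod 444 {} +
}

# Restore the modes from the thread title: folders 755, files 644.
unlock_conf() {
    find "$1" -type d -exec chmod 755 {} + &&
    find "$1" -type f -exec chmod 644 {} +
}

# Print every file or folder that still has a write bit set for
# owner, group or other. No output means the tree is locked.
writable_entries() {
    find "$1" \( -type d -o -type f \) \
        \( -perm -200 -o -perm -020 -o -perm -002 \) -print
}
```

The lock only holds against the web application if the files are owned by a different account than the one PHP runs as, because a file's owner can always chmod it back to writable.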