Vanilla 1 is no longer supported or maintained. If you need a copy, you can get it here.

_config.xml is publicly viewable

edited November 2006 in Vanilla 1.0 Help
_config.xml is publicly viewable. Hiding files and folders through _config.xml is moot when anyone can just look at the config file. I realize that this way of hiding files isn't secure, but it's sufficient for my needs. Can you make it so that options are stored in .php instead of .xml? Thanks.


  • As a thought, you could probably use a .htaccess file to restrict permissions on the xml file. I'm not sure of the exact way to do it though.
  • Mark (Vanilla Staff)
    The point of using an underscore to hide the file was not security. It was just so that the config files don't clutter up the display of your other files. Who cares who sees how your app is configured? There's no way for them to reconfigure it just by seeing that.
  • I solved my problem by just renaming _config.xml to something more obscure. As I've said before, I'm not looking for security. I should have just looked at the code before posting here. Thanks for the responses.
This discussion has been closed.
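
The .htaccess approach suggested in the first reply, sketched as an added example that is not part of the original thread or of Vanilla's own code. It assumes the directory is served by Apache with `AllowOverride` permitting these directives, and that the application reads `_config.xml` from disk on the server rather than fetching it over HTTP, so blocking web requests for it does not affect the application.

```apache
# .htaccess placed in the directory that contains _config.xml
# (assumption: Apache honours .htaccess here via AllowOverride)

# Refuse all HTTP requests for the config file. Server-side code that
# opens the file from the filesystem is not affected by this rule.
<Files "_config.xml">
    # Apache 2.4 and later
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2 and earlier
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</Files>

# Optional: apply the same rule to every file whose name starts with an
# underscore, so that entries hidden from the listing also cannot be
# fetched by guessing their names.
# <FilesMatch "^_">
#     <IfModule mod_authz_core.c>
#         Require all denied
#     </IfModule>
#     <IfModule !mod_authz_core.c>
#         Order allow,deny
#         Deny from all
#     </IfModule>
# </FilesMatch>
```

Unlike renaming the file to something obscure, this returns 403 for the file regardless of whether its name is known.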