Welcome Guest, Not a member yet? Register   Sign In
Security: Moving application and system folder out of public_html
#1

Hi,
Does it increase the security if I move the application and system folder out of public access to server root?
Also, is there anyway we can use password other than the plain text in database config and email config?
At present, if someone hack the system and manages to get the above file they will easily get access to the database.
Reply
Reply
#3

(05-10-2017, 03:20 AM)moinchoudhari Wrote: Hi,
Does it increase the security if I move the application and system folder out of public access to server root?

It increases security in the case that you have an accidental mis-configuration of the server that might allow access to things that shouldn't. So, it's more of a safeguard against human error.

[/quote]
Also, is there anyway we can use password other than the plain text in database config and email config?
At present, if someone hack the system and manages to get the above file they will easily get access to the database.
[/quote]

Nope. If we encrypt the values in such a way that it can be reversed (which it would have to if the system is able to connect to the database) then an attacker could easily un-encrypt it. A little exploration and they'd easily find the method if they are on your server.
Reply
#4

@ciadmin I have already gone through that. Just was keen to know whether it safeguard the files or not. However, the reply from @kilishan has cleared this to some extent. Thanks both of you for your time and replies to my questions.
Reply




Theme © iAndrew 2016 - Forum software by © MyBB