Security: Moving application and system folder out of public_html |
Hi,
Does it increase the security if I move the application and system folder out of public access to server root? Also, is there anyway we can use password other than the plain text in database config and email config? At present, if someone hack the system and manages to get the above file they will easily get access to the database. (05-10-2017, 03:20 AM)moinchoudhari Wrote: Hi, It increases security in the case that you have an accidental mis-configuration of the server that might allow access to things that shouldn't. So, it's more of a safeguard against human error. [/quote] Also, is there anyway we can use password other than the plain text in database config and email config? At present, if someone hack the system and manages to get the above file they will easily get access to the database. [/quote] Nope. If we encrypt the values in such a way that it can be reversed (which it would have to if the system is able to connect to the database) then an attacker could easily un-encrypt it. A little exploration and they'd easily find the method if they are on your server.
|
Welcome Guest, Not a member yet? Register Sign In |