The *.def files have 666 permission by setup. Now this would mean that a client hosted on the same server as the webmail would just have to do a cat /path_to_def_files and see the database name and password.
Then the same client can connect to the MySQL database and play destructively with it, wiping off all the tables in a flash... Correct me if I am wrong.
Isn't this insecure? How to make sure that such a happening is made impossible? Why do the def files and the def directory have to be world readable?
Anup
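
A check for the exposure described in the post above, added here as an example and not part of the original post or of the webmail package's own code: it reports `*.def` files and their directory when the permission bits grant anything to "other" users. The function names and the `FILE`/`DIR` output format are assumptions made for this example.

```shell
# Added example: audit a def directory for access granted to "other" users.
# Usage: audit_def_dir /path_to_def_files

# Print the "other" permission triplet (e.g. "rw-") of a path,
# taken from columns 8-10 of the ls -ld mode string.
other_bits() {
    ls -ld -- "$1" | cut -c8-10
}

# audit_def_dir DIR
# Prints one finding per line. Returns 1 if anything is exposed, 0 if clean.
audit_def_dir() {
    dir=$1
    exposed=0

    # Directory: "r" lets any local user list file names,
    # "x" lets them reach the files inside.
    dbits=$(other_bits "$dir")
    case $dbits in
        ---) ;;
        *) echo "DIR  $dbits $dir"; exposed=1 ;;
    esac

    # Files: mode 666 shows up here as "rw-" (readable and writable by anyone).
    for f in "$dir"/*.def; do
        [ -f "$f" ] || continue
        fbits=$(other_bits "$f")
        case $fbits in
            ---) ;;
            *) echo "FILE $fbits $f"; exposed=1 ;;
        esac
    done

    return $exposed
}
```

A clean result requires that the account the webmail runs as can still read the files through owner or group bits, for example mode 640 on the files and 750 on the directory.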