Manual talk:Securing database passwords
Everything I deleted from this page was completely wrong. If you set the owner of a file to be the webserver, it means that scripts and the webserver are able to change any permission at any time! Besides that, setting rights for the webserver to "read" does not hold it from reading the source and sending it out, so it's no fix. The most secure solution is to keep password out of the web root, to set password file's group ownership to that of the webserver, and to revoke all permissions from others. Please, don't set peoples installations at risk, when you don't know what you're doing writing silly instructions. --Bachsau (talk) 21:18, 30 September 2012 (UTC)
Is this unnecessarily complicated?
- Obviously nothing. 400 would be more secure, but won't work everywhere. The only true answer to this is, that it depends on server configuration what works and what is secure. There is no general way on how to do it. If you know *nix and your server's configuration, you will be able to secure your installation, otherwise you won't. However, if you are on shared webspace, your provider's configuration is correct and there aren't any major security flaws in mediawiki, you won't have to do anything but upload, configure and be happy, and you should be secure. --Bachsau (talk) 13:59, 10 January 2013 (UTC)