Topic on Project:Support desk

Is there a reason why the web installer doesn't just write the LocalSettings.php file for you?

Summary by Ataaseq

The webserver shouldn't be able to write to executable files.

Ataaseq (talkcontribs)

I have often wondered why the MediaWiki web installer makes you download LocalSettings.php and upload it yourself instead of just writing the file to the web server for you. Does anyone know why this is the case?

Bawolff (talkcontribs)

The old installer (pre 1.16) did this.

It's to promote security best practice - it's best if the webserver doesn't have write access to any file that gets executed. This helps in the case that a hacker finds some vulnerability. We don't create the file in order to encourage people to set up their webserver so that creating the file is impossible.

Ataaseq (talkcontribs)

Aha, sounds reasonable. Guess I've been giving my www too many permissions, then.
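
The check behind Bawolff's answer, as an added example that is not part of the original thread or of MediaWiki: a Python audit that reports PHP files, and directories holding them, that a given account could write according to POSIX mode bits. The uid/gid values and the file tree (including `extensions/Hook.php`) are constructed for the demonstration, and ACLs are not considered.

```python
import os
import stat
import tempfile

def can_write(st, uid, gids):
    """POSIX mode-bit check: owner class first, then group, then other. ACLs are ignored."""
    if uid == 0:
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit(root, uid, gids, exts=(".php",)):
    """List code files, and directories holding code files, that uid/gids can write."""
    findings = []
    for dirpath, _dirs, filenames in os.walk(root):
        code = [f for f in filenames if f.endswith(exts)]
        # A writable directory lets the account create or replace code files in it.
        if code and can_write(os.stat(dirpath), uid, gids):
            findings.append(("dir", os.path.relpath(dirpath, root)))
        for name in code:
            path = os.path.join(dirpath, name)
            if can_write(os.stat(path), uid, gids):
                findings.append(("file", os.path.relpath(path, root)))
    return sorted(findings)

def demo():
    """Build a constructed tree and audit it for two hypothetical web server accounts."""
    with tempfile.TemporaryDirectory() as root:
        ext = os.path.join(root, "extensions")
        os.mkdir(ext)
        layout = {root: 0o755, os.path.join(root, "LocalSettings.php"): 0o640,
                  ext: 0o775, os.path.join(ext, "Hook.php"): 0o664}
        for path, mode in layout.items():
            if not os.path.isdir(path):
                open(path, "w").close()
            os.chmod(path, mode)
        st = os.stat(root)
        # Case 1: server runs as a different user that shares the files' group.
        in_group = audit(root, st.st_uid + 1, {st.st_gid})
        # Case 2: server runs as the account that owns the files.
        as_owner = audit(root, st.st_uid, set())
        return in_group, as_owner

if __name__ == "__main__":
    for label, result in zip(("group member", "file owner"), demo()):
        print(label, result)
```

With read-only group access, `LocalSettings.php` and its directory produce no findings; when the server account owns the tree, every code file and directory is reported.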