Never store tar backups in a web-accessible directory

06 Oct 2006
Posted by joshb

One blog is accumulating Google code searches that reveal information they shouldn't. For example, this search produces a list of some Drupal database usernames and passwords. Most are for distributions, but a few folks have unwisely put backups of their configuration files in .tar files inside their web-accessible directories.

Simply put, no file containing sensitive data should ever be stored in a web-accessible directory unless it has the proper extension to prevent random browsing. Files like Drupal's settings.php are OK because they must go through the PHP processor, so a request returns the script's output rather than its source. Putting settings.php.txt or a .tar file containing a settings.php in a web directory is a bad idea, because the web server hands those files over as-is to anyone who requests them.
