Never store tar backups in a web-accessible directory

One blog is accumulating Google code searches that reveal information they shouldn't. For example, this search produces a list of some Drupal database usernames and passwords. Most are for distributions, but a few folks have unwisely put backups of their configuration files in .tar files inside their web-accessible directories.

Simply put, no file containing sensitive data should ever be stored in a web-accessible directory unless it has the proper extension to prevent random browsing. Files like Drupal's settings.php are OK because requests for them must go through the PHP processor, which executes the file instead of returning its source. Putting settings.php.txt, or a .tar file with a settings.php inside it, in a web directory is a bad idea, because the server hands those files to anyone who requests them.
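
An added example (not from the original post): a Python audit that walks a web root and flags the two cases described above, settings.php copies with a non-PHP suffix and archives, reading tar member names to detect an embedded settings.php. The extension list, function names and sample tree are assumptions constructed for illustration.

```python
import os
import tarfile
import tempfile

# Assumed list of extensions a web server typically serves as raw downloads.
ARCHIVE_EXTS = (".tar", ".tar.gz", ".tgz", ".tar.bz2", ".zip", ".sql", ".bak")
SENSITIVE_NAME = "settings.php"  # Drupal config file named in the post


def audit_docroot(docroot):
    """Return sorted (relative_path, reason) pairs for files that expose config."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, docroot)
            lower = name.lower()
            # settings.php.txt, settings.php.bak, ...: not run through PHP
            if lower.startswith(SENSITIVE_NAME + "."):
                findings.append((rel, "config copy served as plain text"))
            elif lower.endswith(ARCHIVE_EXTS):
                reason = "archive or dump in web root"
                if tarfile.is_tarfile(path):
                    with tarfile.open(path) as tar:
                        # Only member names are read; nothing is extracted.
                        if any(os.path.basename(m) == SENSITIVE_NAME
                               for m in tar.getnames()):
                            reason = "tar contains " + SENSITIVE_NAME
                findings.append((rel, reason))
    return sorted(findings)


def build_sample_docroot():
    """Constructed sample tree: one safe file, one text copy, one tar backup."""
    root = tempfile.mkdtemp(prefix="docroot-")
    conf_dir = os.path.join(root, "sites", "default")
    os.makedirs(conf_dir)
    for name in ("settings.php", "settings.php.txt"):
        with open(os.path.join(conf_dir, name), "w") as fh:
            fh.write("<?php $db_url = 'mysqli://user:placeholder@localhost/db';\n")
    with tarfile.open(os.path.join(root, "backup.tar"), "w") as tar:
        tar.add(os.path.join(conf_dir, "settings.php"),
                arcname="sites/default/settings.php")
    return root


if __name__ == "__main__":
    for rel, reason in audit_docroot(build_sample_docroot()):
        print(f"{rel}: {reason}")
```

Run against a real document root with `audit_docroot("/path/to/docroot")`; anything it reports belongs outside the web root.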
