XF 2.1 Can someone access to config.php file ?

ShinLim

ShinLim

Active member
I think this is a noob question but I still wonder why and is it possible for someone just type in browser and view src/config.php file ?
I tried to access to view it on browser but it went blank, why's that ? I still don't know why, is that because security of system (if so, from what) ?
Can someone please help me answer this ?
Thank you
 
Sort by date Sort by votes
I hope I understood your request correctly, even though it seems like a basic thing and it's strange that you don't have an understanding of the purpose of that file. The XenForo config file acts as a safe for some sensitive data that connects the software with the database. In fact, the config.php file contains the database passwords of your website. Therefore, when accessing the config.php file through a browser, it is interpreted as a webpage and executes its PHP code. If the file only contains PHP code without any HTML code, the browser displays a blank page, which is the correct behavior. If you, as the owner, would like to see the contents of config.php, you should use the file manager of your hosting control panel or download it through an FTP program and view it with an editor such as Notepad++.
 
Upvote 0 Downvote
Miri said:
I hope I understood your request correctly, even though it seems like a basic thing and it's strange that you don't have an understanding of the purpose of that file.
Click to expand...
I took the question to be a concern about the security of that file not about how to view your own config.php, ie how possible it would be for someone else to see the contents.

So I think it is a valid question.
 
Upvote 0 Downvote
It COULD be viewed if you end up turning off php, or the handler for the extension. then, the web server would just send it as text/plain and thus, viewable as source. Don't mis-configure and there's no concern.

There are ways to protect it further. do some searching on protecting the config file here with htpasswd and so forth if you wish.
 
Upvote 0 Downvote
Mr Lucky said:
I took the question to be a concern about the security of that file not about how to view your own config.php, ie how possible it would be for someone else to see the contents.

So I think it is a valid question.
Click to expand...
Yes that's what I mean for the question
When opening php file it gets blank page because of php mechanism (when installing php : yum install php or apt install php), if a site didn't install php then when directly open it it will download the file because the Content-type was application/octet-stream If I understand correctly, everything in "<?php" will be executed by php processor and not display publicly
I'm just curious if someone can view the file somehow ? (except that the server was hacked)

I know it's strange and stupid question but I didn't even notice it for a long time til now
 
Last edited:
Upvote 0 Downvote
No, someone can’t view the file unless your server was misconfigured. You could block direct access to it with your web server if you are worried (same as you can block access to any other URL with your web server).
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

Ariel Schnee
  • Solved
XF 2.2 The config.php File
Replies
2
Views
257
Ariel Schnee
Ariel Schnee
Cupara
  • Question Question
Do I need to configure more options in config.php for Redis?
Replies
0
Views
2K
Cupara
Cupara
jr777
  • Question Question
XF 2.0 Can someone help me figure out how to cycle through different banners in the header?
Replies
4
Views
775
Neutral Singh
N
Robust
Writing to config.php
Replies
1
Views
643
Chris D
Chris D
macroforum
Php 5.4.29 version and ZendOPcache in config.php file
Replies
4
Views
895
macroforum
macroforum
Top Bottom