Hi, we're running an install of C5 5.7.5.8 behind a load balancer and recently got an alert that someone tried to access /concrete/config/database.php via a browser URL. It didn't load, but did cause an issue with the load balancer. The security team are now asking if its possible to restrict access to that file, and other config files via htaccess or similar.
So, the question is, C5 needs to access that file to load the database, but is there a security concern if a user can get access to it? If so, can it be locked down without affecting the site itself?
Cheers for the help in advance!
Code
Post Reply
Delete Post
You are allowed to delete your post for 5 minutes after it's posted.
This website stores cookies on your computer. These cookies are used to improve
your website experience and provide more personalized services to you, both on this website and through
other media. To find out more about the cookies we use, see our Privacy Policy.