r65705 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r65704‎ \| r65705 \| r65706 >
Date:	18:20, 30 April 2010
Author:	avar
Status:	ok
Tags:
Comment:	Elaborate on the help message for SQLite data directory Go over the security concerns of where the SQLite database should be saved, and suggest that the user keep it away from his webroot.
Modified paths:	/branches/new-installer/phase3/includes/installer/Installer.i18n.php (modified) (history)

Diff [purge]

Index: branches/new-installer/phase3/includes/installer/Installer.i18n.php
—	—	@@ -190,9 +190,18 @@
191	191	'config-db-schema-help' => 'The above schemas are usually correct.
192	192	Only change them if you know you need to.',
193	193	'config-sqlite-dir' => 'SQLite data directory:',
194		~~- 'config-sqlite-dir-help' => "SQLite stores data in a file in the filesystem.~~
195		~~-This directory must be writable by the webserver.~~
196		~~-It should '''not''' be accessible via the web.",~~
	194	+ 'config-sqlite-dir-help' => "SQLite stores all data in a single file.
	195	+
	196	+The directory you provide must be writable by the webserver during installation.
	197	+
	198	+It should '''not''' be accessible via the web, this is why we're not putting it where your PHP files
	199	+are.
	200	+
	201	+We'll write out a <code>.htaccess</code> file along with it, but if that fails someone can gain
	202	+access to your raw database. That includes raw user data (E-Mails, hashed passwords) as well as
	203	+deleted revisions and other restricted data on the wiki.
	204	+
	205	+Consider putting the database somewhere altogether, for example <code>/var/lib/mediawiki/yourwiki</code>.",
197	206	'config-type-mysql' => 'MySQL',
198	207	'config-type-postgres' => 'PostgreSQL',
199	208	'config-type-sqlite' => 'SQLite',

22:47, 18 October 2010 😂 (talk | contribs) changed the status of r65705 [removed: new added: ok]