I'm ready to buy but need a bit more on Security

Hmm… I was messing around with my site again today, and I put the original config.php back in its place. But I am still receiving the same error… Did something get erased or messed up because I moved the file? I know I didn’t delete anything, but could moving the script have caused some things to get erased?

Try clearing the template cache and see if that helps

AdminCP / Cleanup templates cache





Also, moving the config file serves very little purpose. Yes, it could help in the very unlikely event Apache fails to load PHP during a restart, but this should never happen on a quality host and would be immediately caught in nearly all cases…



PHP is not a system service and should always be working as long as Apache is, unless it has been installed as a CGI binary instead of an Apache module, which is a big security risk in itself. See "PHP: Installed as CGI binary - Manual": http://us2.php.net/security.cgi-bin



Usually when an Apache module fails, Apache itself will not start and therefore nothing will load. Even in the unlikely event someone was able to get the information within the config file, they would still need a way to use it against you. To use this information would require some form of server access unless that host is allowing external ‘public’ MySQL access without IP restrictions. If they do allow this then I suggest moving to a safer host asap.



Another popular way this info will be used against you is through the use of PHP shell scripts that a hacker will find a way to get onto the server and run. This is very popular and easier than you may think on most shared hosting environments. The hacker ‘in many cases’ will only need to find one account on that server with an exploitable script to remotely include this shell which will then allow them to browse files on that account or even all other accounts on that server if proper security isn’t in place to prevent that. Sometimes they will even obtain their own account on that server in order to run the shell from it. If they are able to get a shell in place to view your files then it wouldn’t have mattered where your config file was located anyway or if it was even visible to the public. They will at this point be able to view it wherever you locate it within your account…



Sorry for writing a book here about what you may not be interested in; the point I’ve attempted to make is this: if the hacker is able to use this information against you, you should ‘not’ be on that server with your store!



Your security is only as good as the security policies and dedication of your hosting company.







I didn’t make this reply to promote myself, but I do offer a secure hosting environment for those who are interested and have 3 references/clients ‘on this forum’ who I’m sure will be happy to talk about the service they receive. If interested please send a PM for further information.

I moved my config.php and was also getting



Warning: Cannot modify header information



notices.



I had created a “stub” config.php with these lines in it:


<?php
require_once('/path/to/cscart_config.php');
?>

Turns out there was a trailing space in the third line (after ?>). Removing that space eliminated the warnings.

Hope this is useful info to someone!

Fred
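A check for the problem Fred describes, as an added example that is not part of the original posts: it flags bytes in a PHP include file that would be sent to the browser before headers (a BOM or text before `<?php`, or anything other than one newline after the final `?>`). The function name and the sample stubs are constructed for illustration, and finding the last `?>` by byte search is a heuristic that assumes the tag does not appear inside a string or comment.

```python
import sys

UTF8_BOM = b"\xef\xbb\xbf"

def stray_output(source: bytes) -> list:
    """Return reasons this PHP include file would emit output when loaded."""
    problems = []
    if source.startswith(UTF8_BOM):
        problems.append("UTF-8 BOM before <?php")
        source = source[len(UTF8_BOM):]
    # Anything ahead of the opening tag is literal output.
    if not source.startswith(b"<?php"):
        problems.append("bytes before opening <?php tag")
    close = source.rfind(b"?>")
    # Only a file that ends outside PHP mode can leak trailing bytes.
    if close != -1 and b"<?php" not in source[close:]:
        tail = source[close + 2:]
        # PHP swallows exactly one newline directly after the closing tag.
        for newline in (b"\r\n", b"\n", b"\r"):
            if tail.startswith(newline):
                tail = tail[len(newline):]
                break
        if tail:
            problems.append(f"{len(tail)} byte(s) after closing ?>: {tail!r}")
    return problems

if __name__ == "__main__":
    # Usage: python check_stub.py config.php [more.php ...]
    for path in sys.argv[1:]:
        with open(path, "rb") as handle:
            for problem in stray_output(handle.read()):
                print(f"{path}: {problem}")
```

Leaving the closing `?>` out of a PHP-only file such as the stub avoids the trailing-byte case entirely, which is why the check reports nothing for a file without one.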