Hello,
I see that one needs to modify config.inc.php in order to do things like send email, and I see that it states right at the top:
; <?php exit(); // DO NOT DELETE ?>
; DO NOT DELETE THE ABOVE LINE!!!
; Doing so will expose this configuration file through your web site!
Which implies, to me, that this file is set up to exit the second its accessed via php. But, I do want to confirm that there is literally no other way to access the file, and that putting passwords and such in this file in plaintext on a server is totally fine.
This file is in my ojs 3.3 install file, so it’s totally exposed to the web. I would appreciate confirmation that including the php exit() line in this file absolutely bars anyone from being able to access/read this file, and passwords are safe.
I guess I’m just worried that someone could expose this file using a method other than php, viewing the source or something in plaintext. Web Security is not my field, so I’m hoping someone with more experience can confirm that having this file exposed in a web-accessible directory (my OJS install directory) on a server is okay if it has plaintext passwords.
Thanks!!