PatchDashboard / patchdashboard

Patch Management Dashboard
Apache License 2.0
37 stars 16 forks

db_conf readable by all #2

Closed rndmh3ro closed 9 years ago

rndmh3ro commented 9 years ago

The following files are readable by all users on the host system, thus allowing anyone to see the password for the MySQL connection.

-rw-r--r-- 1 root root   68 Dec 27 14:15 /opt/patch_manager/db.conf
-rw-r--r-- 1 root root  441 Dec 27 14:15 /opt/patch_manager/db_config.php

jonsjava commented 9 years ago

The same data is web user readable in /WEB_PATH/lib/db_config.php

This is designed to run on a stand-alone server with only people who have access to the system on the server itself. I will add that note in my documentation. Thank you for that info!

With that said, I can lock it down, but we are still looking at www-data/apache having the same read access to essentially the same data.
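A small audit/hardening script for the situation in this issue, added here as an example and not part of the PatchDashboard project: it flags config files whose mode grants read access to "other", and tightens them to owner read/write plus group read so that only root and the web server's group can read the credentials. The `/opt/patch_manager` paths come from the report above; the group name (`www-data`, or `apache` on Red Hat-style systems) and the use of GNU `stat -c '%a'` are assumptions.

```shell
#!/bin/sh
# Added example, not the project's code. Audits credential-bearing config files
# for world-readable permissions and narrows them to root + web server group.

# Return 0 (true) if FILE is readable by "other", 1 otherwise.
# Uses GNU stat; falls back to BSD stat syntax (assumption) if that fails.
world_readable() {
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
    other=$((mode % 10))            # last octal digit = permissions for "other"
    [ $((other & 4)) -ne 0 ]        # bit 4 = read
}

# Print the octal mode of FILE (used by the checks below).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Restrict FILE to owner rw + group r (0640) and hand it to root:GROUP.
# GROUP defaults to www-data (assumed); chown needs root and is skipped otherwise,
# so the mode change still applies when run unprivileged.
lock_down() {
    file=$1; group=${2:-www-data}
    chown root:"$group" "$file" 2>/dev/null || true
    chmod 640 "$file"
}

# Audit the files named in the issue; returns the number of world-readable hits.
audit_patch_manager_conf() {
    hits=0
    for f in /opt/patch_manager/db.conf /opt/patch_manager/db_config.php; do
        [ -e "$f" ] || continue
        if world_readable "$f"; then
            echo "WORLD-READABLE: $f (mode $(file_mode "$f"))"
            hits=$((hits + 1))
        fi
    done
    return "$hits"
}

# Example run (only reports; pass lock_down explicitly to remediate):
#   audit_patch_manager_conf
#   lock_down /opt/patch_manager/db.conf www-data
```

Mode 0640 is the narrowest setting that still lets the PHP process read the file, which is the residual exposure jonsjava points out: any code running as www-data/apache can still read the password, so the script removes the "anyone on the host" case but not the "anyone who compromises the web app" case.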