Sorry if this is off-topic, because it's not actually a Mediawiki issue (I
don't think), but I'm going to throw this out to see if anyone has had a
similar issue and has had any success resolving it.
My host has a directory structure that is not secure (for web files). Web
files are viewable by all accounts that are on the same machine (necessary
because Apache does not run under my ID - so my files have to be 705).
This means that index.php, which contains the database id and password, is
readable by any of the host's other customers who are on 'my' server who
browse my www subdir. I have removed AdminSettings.php, and am using a
r/w user in index.php instead of a full access user. But I am still
uncomfortable with having the the r/w user ID and pw 'out there'.
The host provides a wrapper, php-cgiwrap, that will wrap my php files so
that they run under my ID. Then I can set the permissions to 700 and
nobody else can see index.php.
Brion Vibber wrote:
> You'll need to disable pretty URLs. Your default LocalSettings.php will include
> two sample lines setting $wgArticlePath; uncomment the one that's commented and
> comment the one that's uncommented.
That did the trick. Thanks.
Now to decide which I want more: security or pretty URLs.