  1. #1
    Join Date
    Feb 2006
    Posts
    37
    Plugin Contributions
    0

    renaming configure.php

    As I don't have access to the root level of my server (without contacting my hosting provider) and not being able to set configure.php to read-only, I was wondering whether or not I would be able to rename configure.php making it harder for a would-be attacker to target my site.

    Is this possible? If not can anyone else suggest a method of protection for a hosting account on a Windows shared server?

    Thanks,
    S

  2. #2
    Join Date
    Aug 2005
    Location
    Arizona
    Posts
    27,761
    Plugin Contributions
    9

    Re: renaming configure.php

    You have FTP, correct?

    I believe that you can FTP it to your win local, change it to RO there, and FTP it back.
    Zen-Venom Get Bitten

  3. #3
    Join Date
    Feb 2006
    Posts
    37
    Plugin Contributions
    0

    Re: renaming configure.php

    That doesn't work. I have tried setting the IUSR account setting to read only but it does nothing. I am running WAMP server locally but my actual domain will be hosted on Windows.

    So my original query...can configure.php be renamed?

  4. #4
    Join Date
    Jan 2004
    Posts
    66,373
    Blog Entries
    7
    Plugin Contributions
    274

    Re: renaming configure.php

    Quote (originally posted by g1media):
        So my original query...can configure.php be renamed?

    If you rename it, then you have to alter all the core code locations that reference it to use the new name.
    Renaming doesn't solve the problem of the file being writable and thus editable and your site defaceable and database-connection breakable if someone were to break in.

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  5. #5
    Join Date
    Feb 2006
    Posts
    37
    Plugin Contributions
    0

    Re: renaming configure.php

    But what are the chances of someone guessing what the file is now called?

    So, other than accessing IIS at server level, there's no way to secure this file on Windows?

  6. #6
    Join Date
    Jan 2004
    Posts
    66,373
    Blog Entries
    7
    Plugin Contributions
    274

    Re: renaming configure.php

    If PHP discovers the configure.php files to be writable, you will continue to see warnings.
    If you feel the security risk is minimal or moot, you can customize code to either bypass the warnings or look for the configure.php files by a different name. Feel free to do as you wish.

    Setting file/folder permissions on Windows hosting, esp. with IIS, has always been a problem.
    If your hosting company cannot give you the control you need to secure your site (not just the configure.php files), then perhaps you should consider other hosting options.
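
The point made in posts #4 and #6, as an added example that is not part of the thread and is not Zen Cart's own code: a PHP check that probes whether the PHP process can write to a configuration file, run against a constructed sample file before and after renaming it. The file names and the helpers `can_write` and `audit_config` are assumptions made for illustration.

```php
<?php
// Added example, not Zen Cart code. File names are constructed samples.

/** True if this PHP process can open $path for writing; no data is changed. */
function can_write(string $path): bool
{
    clearstatcache(true, $path);
    if (!is_file($path) || !is_writable($path)) {
        return false;
    }
    $handle = @fopen($path, 'r+'); // 'r+' opens read/write without truncating
    if ($handle === false) {
        return false;
    }
    fclose($handle);
    return true;
}

/** Try to mark $path read-only and report what this process can still do. */
function audit_config(string $path): array
{
    $before  = can_write($path);
    $chmodOk = @chmod($path, 0444);
    return [
        'file'            => basename($path),
        'writable_before' => $before,
        'chmod_accepted'  => $chmodOk,
        'writable_after'  => can_write($path),
    ];
}

// Constructed sample: a throwaway directory holding a stand-in config file.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'cfg_audit_' . uniqid();
mkdir($dir);
$original = $dir . DIRECTORY_SEPARATOR . 'configure.php';
$renamed  = $dir . DIRECTORY_SEPARATOR . 'renamed-config.php'; // hypothetical new name
file_put_contents($original, "<?php // constructed sample, no real settings\n");

// Renaming changes the name only; compare writability on both sides of it.
$writableBefore = can_write($original);
rename($original, $renamed);
printf("writable as configure.php: %s\n", var_export($writableBefore, true));
printf("writable after rename:     %s\n", var_export(can_write($renamed), true));
print_r(audit_config($renamed));

// Clean up the sample (restore write access first so the delete succeeds).
chmod($renamed, 0644);
unlink($renamed);
rmdir($dir);
```

If `writable_after` is still true on the real host, the account PHP runs under can modify the file whatever it is called, which is the condition post #6 describes.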

Zen-Cart, Internet Selling Services, Klamath Falls, OR