On Tue, 4 Sep 2001, Mel Matsuoka wrote:
> Having password information embedded in a publicly accessible document such
> as a CGI script is playing with fire, as far as I'm concerned. There may be
> a time when you least expect it when someone (or you) screws up the
> webserver config, and accidentally allows cgi-scripts to be sent out as
> plaintext documents. Ouch.
You've killed any security also if you don't remove backup files from your
web space. emacs, for instance, creates files appended with ~, and people
forget to delete them (or create a cron job that does it). Big hole
there. At the very least, files included in a script that contain
sensitive information should be kept away from the document root of your
webserver.
-- Brett
http://www.chapelperilous.net/
------------------------------------------------------------------------
Those who don't know, talk. Those who don't talk, know.
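
The two checks described in the reply above, as an added shell example that is not part of the original message: list editor backup files left under a document root, and test whether an include file sits inside that root. The function names and the name patterns beyond the emacs `~` suffix are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread). Function names are hypothetical.

# Print editor backup / autosave / leftover copies under a document root.
# These names usually have no CGI handler mapped, so a server may send
# them out as plain text, source and embedded passwords included.
find_backup_files() {
    find "$1" -type f \( \
        -name '*~'         -o \
        -name '#*#'        -o \
        -name '.*.sw[a-p]' -o \
        -name '*.bak'      -o \
        -name '*.orig'     -o \
        -name '*.old' \) -print | sort
}

# Resolve the directory part of a path physically (symlinked directories and
# ".." are resolved; a symlink in the final component is not followed).
abs_path() {
    dir=$(cd "$(dirname "$1")" 2>/dev/null && pwd -P) || return 1
    printf '%s/%s\n' "$dir" "$(basename "$1")"
}

# Return 0 if the file lies inside the document root, 1 if outside,
# 2 if either path cannot be resolved.
inside_docroot() {
    root=$(cd "$1" 2>/dev/null && pwd -P) || return 2
    file=$(abs_path "$2") || return 2
    case "$file" in
        "$root"/*) return 0 ;;
        *)         return 1 ;;
    esac
}

# audit DOCROOT [INCLUDE_FILE...]: report findings, return 1 if any.
audit() {
    docroot=$1; shift; rc=0
    found=$(find_backup_files "$docroot")
    if [ -n "$found" ]; then
        printf 'backup files under docroot:\n%s\n' "$found"; rc=1
    fi
    for inc in "$@"; do
        if inside_docroot "$docroot" "$inc"; then
            printf 'sensitive include inside docroot: %s\n' "$inc"; rc=1
        fi
    done
    return $rc
}

if [ $# -ge 1 ]; then audit "$@"; fi
```

Run from cron as `sh audit.sh DOCROOT INCLUDE_FILE...`; a non-zero exit status means something was found.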