Hey there Ben, thanks for the reply, I understand what you're saying
but have a couple of questions:

With regards to your point 1 - if someone got access to your web server
would they not be able to get onto your database and get at the PayPal
info anyway?

Re point 2 - crikey, database is the way to go then! But also, the way
that tutorial stores the password, it's in an included file and the
included file is not located in the webroot. I had read somewhere that
if you do that and the PHP code was shown then they'd only be able to
see the variable $password rather than the contents of that variable.
Is that right?

It's all very confusing! I really appreciate your knowledge.

Sarah





On Aug 24, 6:22 am, Ben McClure <ben.mccl...@gmail.com> wrote:
> You have to store your API key somewhere, and your site needs to know how to
> retrieve it.
>
> There are two main issues with storing it directly in the file:
>
>    1. As already stated, if someone gets access to your web server or FTP
>    information, they'll have your PayPal API information as well.
>    2. If your web server ever gets misconfigured and displays the actual PHP
>    code on the browser (not uncommon), your API key will be shown to anyone
>    who views that URL.
>
> It might make more sense to store those details in your application's
> database, which, as also mentioned previously, should not be accessible from
> anywhere but your web server.
>
> Ben

-- 
Our newest site for the community: CakePHP Video Tutorials 
http://tv.cakephp.org 
Check out the new CakePHP Questions site http://ask.cakephp.org and help others 
with their CakePHP related questions.


To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at 
http://groups.google.com/group/cake-php
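
The included-file-outside-the-webroot layout discussed in this thread, as an added example that is not part of either message or of the tutorial: a PHP loader that refuses a credentials file sitting under the document root or accessible to other users. The function names, paths and the `api_password` key are hypothetical, the demo layout is constructed in a temp directory, and the permission check assumes a POSIX host.

```php
<?php
// Added example: helper names, paths and the 'api_password' key are hypothetical.

/** True when $path resolves (symlinks followed) to a location inside $docRoot. */
function isInsideDocRoot(string $path, string $docRoot): bool
{
    $real = realpath($path);
    $root = realpath($docRoot);
    if ($real === false || $root === false) {
        throw new RuntimeException("Cannot resolve $path or $docRoot");
    }
    $root = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($real . DIRECTORY_SEPARATOR, $root, strlen($root)) === 0;
}

/** Load credentials from a PHP file returning an array; refuse unsafe locations. */
function loadCredentials(string $file, string $docRoot): array
{
    if (isInsideDocRoot($file, $docRoot)) {
        throw new RuntimeException('credentials file is under the webroot');
    }
    $perms = fileperms($file);
    if ($perms === false || ($perms & 0007) !== 0) {
        throw new RuntimeException('credentials file is accessible to other users');
    }
    $creds = require $file;
    if (!is_array($creds) || empty($creds['api_password'])) {
        throw new RuntimeException('credentials file did not return expected keys');
    }
    return $creds;
}

// Constructed demo layout: one copy outside the webroot, one inside it.
$base = sys_get_temp_dir() . '/cred_demo_' . getmypid();
mkdir("$base/webroot", 0755, true);
mkdir("$base/private", 0700, true);
$body = "<?php return ['api_password' => 'PLACEHOLDER'];";
file_put_contents("$base/private/paypal.php", $body);
chmod("$base/private/paypal.php", 0600);
file_put_contents("$base/webroot/paypal.php", $body);

$ok = loadCredentials("$base/private/paypal.php", "$base/webroot");
echo "outside webroot: loaded ", count($ok), " key(s)\n";
try {
    loadCredentials("$base/webroot/paypal.php", "$base/webroot");
} catch (RuntimeException $e) {
    echo "inside webroot: refused (", $e->getMessage(), ")\n";
}
```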
