One other alternative, is to encrypt your xml file if you do not have any "outside your webroot" folders. But any decent host should do this by default, your FTP root should be non web accessible and have a webroot folder inside it. But really if such a small thing is an issue, then time to switch to hosts as dave says, I'll plug cfmxhosting.co.uk :-)
Snake -----Original Message----- From: Dave Carabetta [mailto:[EMAIL PROTECTED] Sent: 26 August 2006 16:03 To: CF-Talk Subject: Re: Securing your config.xml file On 8/25/06, Will Tomlinson <[EMAIL PROTECTED]> wrote: > Right now my config.xml file resides where it can be browsed and read easily. Ray C. helped me a while back on how to secure it. One of the options is to place outside the root and read it. This needs to work with a shared host so that's not a good option. Another was to setup a defaults.cfm file with the xml commented out. Then you read the file, taking out the comments. If someone browses to the file, they'd see nothing. > I'm not sure why being on a shared host eliminates placing it outside of the web root. My personal site is on a shared host, and I have access to directories that are within my account, but outside of the web root. Further, you could set up a directory outside of your web root and ask your host to set up a mapping. If they won't let you do this, then it's time to switch to HostMySite.com, who is unbelievably accomodating when it comes to this sort of stuff. Regards, Dave. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:251180 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4