On Tue, 5 Jun 2001, Don Read wrote:

> Better yet, put the file outside the $DOCUMENT_ROOT, in case your server is
> poorly configured.
>
> include("$DOCUMENT_ROOT/../config.php");

This is a very good idea. One day if the system administrator decides to
back up all the user data and upgrade the web server and forgets to
include support for PHP then all the PHP files become readable as plain
text and casual web surfers could sniff your password. Another scenario
where this could happen is if there are two web servers and your home
directory is mounted on both via NFS or AFS and you may not be aware that
the other web server does not have PHP support.

If you are serving from /home/httpd/html then store your database access
information including passwords in some directory like /home/httpd/secret
and set the right ownerships for that directory and files therein. It is
also a good idea to control extraneous access to the database by
firewalling your site.

Neil
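
A deploy-time check for the layout described in this message, as an added example that is not part of the original thread: it flags a credentials file that resolves inside the document root, or that grants any access to "other" on the file or its directory. The function names, the temporary html/ and secret/ directories and the modes 0640/0750 (owner plus the web server's group) are assumptions, and the files are constructed placeholders.

```python
import os
import stat
import tempfile

def audit_secret_file(docroot, secret_path):
    """Return a list of findings; an empty list means the layout passes."""
    findings = []
    # Resolve symlinks and ".." so the check sees where the file really lives.
    root = os.path.realpath(docroot)
    real = os.path.realpath(secret_path)
    if os.path.commonpath([root, real]) == root:
        findings.append("resolves inside the document root")
    # Neither the file nor its directory should grant anything to "other".
    for path in (real, os.path.dirname(real)):
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & 0o007:
            findings.append(f"{os.path.basename(path)} grants access to other ({mode:04o})")
    return findings

def _make(path, mode, is_dir=False):
    if is_dir:
        os.mkdir(path)
    else:
        with open(path, "w") as fh:
            fh.write("<?php /* constructed placeholder, no real credentials */ ?>\n")
    os.chmod(path, mode)  # explicit chmod so the umask does not alter the mode
    return path

def demo():
    """Build a constructed html/ + secret/ layout and audit three candidate paths."""
    base = tempfile.mkdtemp()  # created with mode 0700
    html = _make(os.path.join(base, "html"), 0o755, is_dir=True)
    secret = _make(os.path.join(base, "secret"), 0o750, is_dir=True)
    _make(os.path.join(html, "config.php"), 0o644)
    _make(os.path.join(secret, "config.php"), 0o640)
    _make(os.path.join(base, "config.php"), 0o644)
    return {
        "in_docroot": audit_secret_file(html, os.path.join(html, "config.php")),
        "secret_dir": audit_secret_file(html, os.path.join(secret, "config.php")),
        # The quoted include() form: outside the docroot, but still mode 0644.
        "dotdot": audit_secret_file(html, os.path.join(html, "..", "config.php")),
    }

if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings or "OK")
```
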

