> it's much easier to detect a modification of a script instead of just a "cat > dbconf.php". no need to modify a script. if a hacker has access to your webserver, in most cases he will be able to access your db server too. if not, in case of your extension it shouldnt be hard for him creating a small script for looking up the data in your tempfolder, gaining the data, and deleting it
this is from point of detection the same class as doing a cat dbconf.php the Point is: your extension is not changing security. btw: why you want to put it under GPL? most extensions have PHP License, that could conflict. regards, Peter Petermann -- Homepage: www.cyberfly.net PHP Usergroups: www.phpug.de - [EMAIL PROTECTED] PHP Infos: www.php-center.de - [EMAIL PROTECTED] VL-SRM Homepage: www.vl-srm.net - [EMAIL PROTECTED] -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php
