With this module you can store any configuration, you simply make an associative array with them and pass to cfg_set like this:
$conf[name] = "my name"; $conf[myconf] = "i need this to bet set"; $conf[otherconf] = "anything i want it to be"; .... cfg_set("myconffile",$conf); and when you run $conf = cfg_get("myconffile"); $conf will be set to the original associative array. Keyser Soze ----- Original Message ----- From: "Joseph Tate" <[EMAIL PROTECTED]> To: "Keyser Soze" <[EMAIL PROTECTED]> Cc: "PHP-DEV" <[EMAIL PROTECTED]> Sent: Tuesday, March 05, 2002 2:46 PM Subject: RE: [PHP-DEV] New Module [snip] > Comments? > > I just thought of another use for this "New Module" too. It would have to > be extended, but: > I would like to store a number of "configuration" or "site specific" > information in some non-user-readable way. This includes path information, > SQL queries. MD5 keys. Not sure exactly how this would shape up without > some kind of admin tool that ran on the server, but having this kind of > "embedded" databasing system would be pretty cool. > > Anyway, if you've been able to follow my meandering, congratulations. I > just wanted to put in my $.02. I definitely don't have time to develop this > kind of thing right now, but think it would be very useful. > > Joseph > > > -----Original Message----- > > From: Keyser Soze [mailto:[EMAIL PROTECTED]] > > Sent: Tuesday, March 05, 2002 10:55 AM > > Cc: PHP-DEV > > Subject: Re: [PHP-DEV] New Module > > > > > > Not if the webserver is in another machine, he could have gained access to > > my system thru a security flaw in my webserver, one that doesn't > > have in my > > database server. > > > > And he just could create the script in a tempfolder and execute > > it if php is > > a cgi module, unless he has apache html write rights. > > I thought of this extension to make it harder for a hacker to access data, > > and easier for admins to detect the access from that data. > > But I thought a workaround for this case....I can modify the sources so > > cfg_get may store the last script who accessed that file, or maybe cfg_set > > could just grant access to one script....this could make impossible for > > anyone to create another script just to get it. > > I'm new in extension development, so I don't know if it's possible to know > > inside my function what script is calling it. > > > > hmmm, i hadn't noticed the PHP License....that sounds ok for me. > > > > regards, > > Keyser Soze > > > > ----- Original Message ----- > > From: "Peter Petermann" <[EMAIL PROTECTED]> > > To: "Keyser Soze" <[EMAIL PROTECTED]>; "Robin Ericsson" > > <[EMAIL PROTECTED]> > > Cc: "PHP-DEV" <[EMAIL PROTECTED]> > > Sent: Tuesday, March 05, 2002 12:12 PM > > Subject: Re: [PHP-DEV] New Module > > > > > > > it's much easier to detect a modification of a script instead of just a > > "cat > > > dbconf.php". > > no need to modify a script. > > if a hacker has access to your webserver, > > in most cases he will be able to access your db server too. > > if not, in case of your extension > > it shouldnt be hard for him > > creating a small script for looking up the data > > in your tempfolder, > > gaining the data, > > and deleting it > > > > this is from point of detection the same class as doing a cat dbconf.php > > the Point is: your extension is not changing security. > > > > btw: why you want to put it under GPL? > > most extensions have PHP License, > > that could conflict. > > > > regards, > > Peter Petermann > > -- > > Homepage: www.cyberfly.net > > PHP Usergroups: www.phpug.de - [EMAIL PROTECTED] > > PHP Infos: www.php-center.de - [EMAIL PROTECTED] > > VL-SRM Homepage: www.vl-srm.net - [EMAIL PROTECTED] > > > > > > > > > > > > -- > > PHP Development Mailing List <http://www.php.net/> > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > > > > > -- > > PHP Development Mailing List <http://www.php.net/> > > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php