On Tue, October 3, 2006 1:40 pm, Deckard wrote: > Hi Richard, > > Richard Lynch wrote: >> First, you're scaring the [bleep] out of me from a security >> standpoint >> writing mysql passwords into files... > It's not that unusual. > It's a matter of securing the web server.
Yes, it *is* unfortunately VERY common for web applications in heavy distribution/use to have their mysql password in an include file in the webtree, and that file is readable/writable by the PHP user. And, worse, moving that file out of the web tree and changing include_path fails miserably because the so-called architects presume no PHP user actually knows how to work include_path, so they have some stupid "work-around" of hard-coding a prefix in an included file, which then "locks" the include files into their brain-dead layout of passwords and include files inside the webtree. And while it's very common, that does not make it Right. Perhaps that clarifies things?... -- Some people have a "gift" link here. Know what I want? I want you to buy a CD from some starving artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
