On 6/12/07, Stut <[EMAIL PROTECTED]> wrote:
Dave Goodchild wrote:
> Unless some server config error causes that stuff to be output on the page?
> I tend to put such functions in a .inc file and amend the .htaccess to
> prevent download.
Unless some server config error causes it to ignore .htaccess.
The basic rule when it comes to securing this stuff is to stick it
outside the web root. That way only a monumentally stupid server admin
or developer can make it possible for the average web user to get at it.
Oh, hang on...!
-Stut
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Just to throw this out there, you can put your information in the
Apache config too and get the values from $_SERVER. This way it can
be owned by root.
See http://ilia.ws/files/quebec_security.pdf slide 59.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
