An excellent idea! And necessary. Because, although apache may
process .php3 files when loading, it won't process .inc files (where my
security info is) and they get downloaded as text with the password there
for all to see.
Mark
On Thu, 17 Feb 2000, James Lyon wrote:
> Date: Thu, 17 Feb 2000 13:53:56 +0000
> From: James Lyon <james.lyon@stripped>
> To: "Foley, John" <John.Foley@stripped>
> Cc: MySQL List <mysql@stripped>
> Subject: Re: Comments on security.
>
> > Another good idea is to have your password .php3
> > file OUTSIDE the http server root, and do include() or
> > require().
>
> Ah, now that's clever :-)
>
> (The content can *only* become included once the file is being processed by the
> PHP3 module, and so you're as sure as can be that it ain't gonna slip through.)
>
>
--
Mark Ferraretto Phone: +61 8 8396 2448
Ferraretto IT Services Fax: +61 8 8396 7176
26 Observation Drive Mobile: +61 412 959 714
Highbury SA 5089 Email: mark@stripped
