Re: php includes & security
by David Mintz <mambomintz(at)yahoo.com>
|
| Date: |
Fri, 16 Mar 2001 10:40:13 -0800 (PST) |
| To: |
hwg-languages(at)hwg.org |
| In-Reply-To: |
myip |
| |
todo: View
Thread,
Original
|
|
But if there's a configuration error or some other
problem on the server, anything under your web
document directory could be exposed as though it were
a plain text file, couldn't it?
I believe that's why one of my books suggests storing
your sensitive inc files outside the web directory
tree, e.g., in /usr/home/yourname/inc/
David Mintz
Spanish Interpreter, US District Court
Southern District of New York
Web Design & Hosting http://dmintzweb.com/
Personal http://panix.com/~dmintz/
--- Satya <satyap(at)satya.virtualave.net> wrote:
> On Mar 9, 2001 at 22:41, Martin McCarthy wrote:
>
> >However, if your includes contain sensitive
> information like database
> >passwords, you may want to name them .php just in
> case.
>
> Which is why the perl files containing my database
> password etc are
> named *.pl and chmod'd 755.
__________________________________________________
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail.
http://personal.mail.yahoo.com/
HWG: hwg-languages mailing list archives,
maintained by Webmasters @ IWA