I had a nifty idea the other day: "what if I request the global.asa
directly through http ?". Well, it kind of turned out exactly as I had
hoped it wouldn't: apache returned the global.asa in plaintext.
Now, that's all ok, but my global.asa contained the database password
DBI used to access my db.
Since this isn't obvious for the casual user, I propose that the
following be included in httpd.conf:
<Files global.asa>
Order deny,allow
Deny from all
</Files>
just to be on the safe side...
Thanos Chatziathanassiou
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
