Thanos Chatziathanassiou wrote:
> 
> I had a nifty idea the other day: "what if I request the global.asa
> directly through http ?". Well, it kind of turned out exactly as I had
> hoped it wouldn't: apache returned the global.asa in plaintext.
> Now, that's all ok, but my global.asa contained the database password
> DBI used to access my db.
> 
> Since this isn't obvious for the casual user, I propose that the
> following be included in httpd.conf:
> 
> <Files global.asa>
>     Order deny,allow
>     Deny from all
> </Files>
> 

Good point.  I don't do this with the examples though because 
I actually want people to see the global.asa there.  This tip 
would be a good candidate for the would be style guide.

Another option users have is to locate the global.asa to 
some other directory that is not www browsable:

  PerlSetVar Global /cannot/browse/this/path

--Josh

_________________________________________________________________
Joshua Chamas                           Chamas Enterprises Inc.
NodeWorks Founder                       Huntington Beach, CA  USA 
http://www.nodeworks.com                1-714-625-4051

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to