Thanos Chatziathanassiou wrote: > > I had a nifty idea the other day: "what if I request the global.asa > directly through http ?". Well, it kind of turned out exactly as I had > hoped it wouldn't: apache returned the global.asa in plaintext. > Now, that's all ok, but my global.asa contained the database password > DBI used to access my db. > > Since this isn't obvious for the casual user, I propose that the > following be included in httpd.conf: > > <Files global.asa> > Order deny,allow > Deny from all > </Files> >
Good point. I don't do this with the examples though because I actually want people to see the global.asa there. This tip would be a good candidate for the would be style guide. Another option users have is to locate the global.asa to some other directory that is not www browsable: PerlSetVar Global /cannot/browse/this/path --Josh _________________________________________________________________ Joshua Chamas Chamas Enterprises Inc. NodeWorks Founder Huntington Beach, CA USA http://www.nodeworks.com 1-714-625-4051 --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
