Hi Stephan,

On 26/02/07, Stephan Jennewein <[EMAIL PROTECTED]> wrote:
> what's the best way to secure your config file which stores the database
> password etc.? We are storing all this information in an extra file but
> at the moment you can view this file with your browser if you know where
> it lies.

I usually have this information in a plain config file (not in a Mason
component) and have it way outside of your DocumentRoot and/or any
ComponentRoots you are using.

For example, if your application is mywebapp, I would put it somewhere
like this (assuming Unix-type OS):

/etc/mywebapp/config.txt

> Should I exclude this file through the httpd/vhost config ...

You could point to it using an environment variable from the vhost or
simply read it from where you know it is. That depends on whether you
might want to read a different config file (in which case, go for the
env var in the vhost).

Remember, this won't be 'included' in the first place (since it isn't
accessible to the webserver) so you won't need to exclude it
specifically.

> or is there another way with Mason to do so?

Then, from Mason, I usually use something like Config::Simple,
Config::YAML or Config::IniFiles to read it in. If you need info from
that file in other places in your Mason hierarchy, you could read the
contents into a global variable so all other components can access it
too.

Hope that helps,
Andy

-- 
contact: Andrew Chilton
website: http://kapiti.geek.nz/
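
An added example, not part of the original message: a Perl loader for the layout described above that refuses a config file sitting under a web-served directory. The `MYWEBAPP_CONFIG` variable name, the helper names, the world-readable check and the small key=value reader (standing in for Config::Simple and similar) are assumptions for illustration.

```perl
use strict;
use warnings;
use Cwd qw(abs_path);
use Fcntl qw(:mode);
use File::Temp qw(tempdir);
# Hypothetical env var, set per vhost; falls back to the path from the message.
sub config_path { return $ENV{MYWEBAPP_CONFIG} // '/etc/mywebapp/config.txt' }

# Return a reason to refuse the file, or undef if it looks safe to use.
sub check_config_path {
    my ($path, @web_roots) = @_;
    my $real = abs_path($path);    # resolves symlinks and ".."
    return "cannot find $path" unless defined $real && -f $real;
    for my $root (grep { defined } map { abs_path($_) } @web_roots) {
        return "$real is under web root $root" if index($real, "$root/") == 0;
    }
    # Added hardening assumption: the secrets file should not be world-readable.
    return "$real is world-readable" if (stat $real)[2] & S_IROTH;
    return;
}

# Minimal "key = value" reader, standing in for Config::Simple and friends.
sub load_config {
    my ($path, @web_roots) = @_;
    my $problem = check_config_path($path, @web_roots);
    die "refusing to load config: $problem\n" if $problem;
    open my $fh, '<', $path or die "open $path: $!\n";
    my %cfg;
    while (my $line = <$fh>) {
        next if $line =~ /^\s*(?:#|$)/;    # skip comments and blank lines
        $cfg{$1} = $2 if $line =~ /^\s*([\w.]+)\s*=\s*(.*?)\s*$/;
    }
    close $fh;
    return \%cfg;
}

# Constructed demo; a real app would call load_config(config_path(), $docroot).
my $tmp = tempdir(CLEANUP => 1);
for my $dir (qw(htdocs etc)) {
    mkdir "$tmp/$dir" or die "mkdir: $!";
    open my $out, '>', "$tmp/$dir/config.txt" or die "write: $!";
    print {$out} "# constructed sample\ndb_user = mywebapp\ndb_pass = example-only\n";
    close $out;
    chmod 0640, "$tmp/$dir/config.txt";
}
for my $dir (qw(htdocs etc)) {
    my $cfg = eval { load_config("$tmp/$dir/config.txt", "$tmp/htdocs") };
    print $cfg ? "$dir: loaded, db_user=$cfg->{db_user}\n" : "$dir: $@";
}
```

The copy under `htdocs` is refused and the copy under `etc` loads, so a config file accidentally deployed inside the DocumentRoot fails at startup instead of being served to a browser.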
