> >If this file has a .php extension remote users will not have 
> access to 
> >the variables because the file is parsed by php and they 
> never see the 
> >actual file contents when requesting the document via the 
> web.  If you 
> >are concerned with users on localhost having access to the 
> file, simply 
> >give it the correct permissions so that no one else has read access.
> No so easy.  The server itself must have read access.  If 
> other users on the local host can install scripts that the 
> server executes, any of those scripts can read the text of 
> your scripts.
> What then? You're hosed.

That's the beauty of running safe mode.  With that engaged, scripts
can't access files owned by a different username.  There are ways around
it (we have a special exception set up for an app I've been working on
that allows it to include a file based on the domain it was called from
then include the proper templates, which are generally owned by a
different user), but it's difficult without shell access.
Peter Adams            [EMAIL PROTECTED]
Web Developer          http://www.interkan.net
InterKan.Net, Inc.     (785) 565-0991

PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to