> >If this file has a .php extension remote users will not have > access to > >the variables because the file is parsed by php and they > never see the > >actual file contents when requesting the document via the > web. If you > >are concerned with users on localhost having access to the > file, simply > >give it the correct permissions so that no one else has read access. > > No so easy. The server itself must have read access. If > other users on the local host can install scripts that the > server executes, any of those scripts can read the text of > your scripts. > > What then? You're hosed.
That's the beauty of running safe mode. With that engaged, scripts can't access files owned by a different username. There are ways around it (we have a special exception set up for an app I've been working on that allows it to include a file based on the domain it was called from then include the proper templates, which are generally owned by a different user), but it's difficult without shell access. ______________________________________________ Peter Adams [EMAIL PROTECTED] Web Developer http://www.interkan.net InterKan.Net, Inc. (785) 565-0991 -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]