A long time ago I worked in many shared servers, nowadays I´m not working 
with web sites, only systems, so my customers always has their own server.

The question is:

1) The ini file you mentioned has ini extension?
    if yes, it must be out of the document root because if someone types its 
url, the browser will certainly show up its content.
2) Has it php extension?
    if yes, it can be inside the documento root because if someone types its 
url, PHP will show up only the result of its code..

"Ben Dunlap" <bdun...@agentintellect.com> escreveu na mensagem 
2009/8/14 João Cândido de Souza Neto <j...@consultorweb.cnt.br>:
> I think a good solution is to put the ini file out of your html folder so
> only your scripts can read it.

I agree, and I try to do the same, but I've noticed that most
open-source CMSes I've looked at (Drupal, Joomla, Textpattern, CMS
Made Simple) have always stored database credentials inside of
DocumentRoot, by default.

Not sure if this is a compromise to allow ease-of-use by
less-technical users, or if my insistence on putting this sort of file
outside of DocumentRoot is just paranoia (and not the good kind).

I'd definitely be interested to hear how others on the list approach
this problem.

And that's only one part of the equation, if you're on a
shared-hosting platform. Are you, or do you have your own server?


PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to