> 1) Name your ini files .php so, database.ini will be database.php

Actually I was assuming the configuration file to be a PHP script --
as is typical in big open-source CMSes. I took "ini file" earlier in
the thread to be a generic description of any file, whatever the
extension, that contains sensitive configuration data.

> Our data will be safe as long as the first line will remains there.

And as long as the file is actually handed off to PHP for processing.
Seems like there are plenty of situations, none of them too
far-fetched, that could cause the web server to mistakenly serve a
file with ".php" in its name as a generic text file rather than
handling it correctly. I'd rather just have the file outside of
DocumentRoot and avoid that risk entirely. But again, maybe that's
just unproductive paranoia?


PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to