On Fri, 2009-08-14 at 15:03 -0300, Martin Scotta wrote:
> 2009/8/14 Ben Dunlap <bdun...@agentintellect.com>
> > 2009/8/14 João Cândido de Souza Neto <j...@consultorweb.cnt.br>:
> > > I think a good solution is to put the ini file out of your html folder so
> > > only your scripts can read it.
> >
> > I agree, and I try to do the same, but I've noticed that most
> > open-source CMSes I've looked at (Drupal, Joomla, Textpattern, CMS
> > Made Simple) have always stored database credentials inside of
> > DocumentRoot, by default.
> >
> > Not sure if this is a compromise to allow ease-of-use by
> > less-technical users, or if my insistence on putting this sort of file
> > outside of DocumentRoot is just paranoia (and not the good kind).
> >
> > I'd definitely be interested to hear how others on the list approach
> > this problem.
> >
> > And that's only one part of the equation, if you're on a
> > shared-hosting platform. Are you, or do you have your own server?
> >
> > Ben
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
> A workaround to this is to simple let the browser get the ini as a php file.
> What? are you insane? no. it is really easy.
> 1) Name your ini files .php so, database.ini will be database.php
> 2) Put in the top of your script this line
> ;<?php exit;?>
> So, when the file is opened as an ini file the semilcolon indicates that
> it's a comment.
> But, when the browser call for this file... php just exit's in the first
> line.
> Our data will be safe as long as the first line will remains there.

Silly idea. If you want to read in the ini file via PHP to get the
values out, why don't you just have them as PHP vars? There's extra
overhead involved in processing the ini, which is a big bad idea if the
ini is used to hold database details, as not only does the database
connection take time, but you've increased the time needed to access the
connection details! Way to go!


PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to