On Thu, 2010-11-11 at 17:16 -0200, Jo?o C?ndido de Souza Neto wrote:

> Agreed.
> -- 
> Joo Cndido de Souza Neto
> "Tamara Temple" <tamouse.li...@gmail.com> escreveu na mensagem 
> news:977f087c-bb11-4444-b851-21616ae9e...@gmail.com...
> > I'm curious what the lists' opinions are regarding the use of an .ini 
> > file versus an include configuration file in PHP code are?
> >
> > I can see uses for either (or both).
> >
> > To me, it seems that an .ini file would be ideal in the case where you 
> > want to allow a simpler interface for people installing your app to 
> > configure things that need configuring, and an included PHP code 
> > configuration file for things you don't necessarily want the average 
> > installer to change.
> >
> > What do you think?
> >
> > Tamara
> > 

There are potential security concerns involved too. An .ini file will be
output as plain text by default by the web server if requested by a user
agent unless it is protected somehow (by a .htaccess file for example)
or it is outside of document root for the server. A PHP file on the
other hand will be parsed, so won't output it's variables.

It's all too easy to forget to protect an ini file from this sort of
thing, whereas if you've written a website in PHP, it becomes fairly
evident if your web server isn't configured for PHP without testing
specifically for it!


Reply via email to