I use proftpd, I can setup a chroot for the user that logs in, chroot them to their vhosts dir, move the mysql passwd file out of that dir. now anyone that ftp's in can not read the passwd. as for telnet (shell) access, its rare a user needs that anyhow, if you feel your customers do need that, well its your choice to offer them the security risk or not. I just tell our customers, "sorry, nope, to big of a security risk.", I have yet to have one complain so badly they switch hosting services.
-- Chris Lee [EMAIL PROTECTED] "Kurt Lieber" <[EMAIL PROTECTED]> wrote in message 0110231140330C.23909@z8">news:0110231140330C.23909@z8... > On Tuesday 23 October 2001 11:20, Matt Williams wrote: > > Move it outside the document root > > > > or put a .htaccess file inside the dir to deny access. This will still > > allow system access but will prevent other fopen. > > Either solution still allows anyone with shell access to the machine to read > your password. Not an ideal solution for shared hosting environments, but if > you're running your own server, it's a great solution. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]