I use proftpd, I can setup a chroot for the user that logs in, chroot them
to their vhosts dir, move the mysql passwd file out of that dir. now anyone
that ftp's in can not read the passwd. as for telnet (shell) access, its
rare a user needs that anyhow, if you feel your customers do need that, well
its your choice to offer them the security risk or not. I just tell our
customers, "sorry, nope, to big of a security risk.", I have yet to have one
complain so badly they switch hosting services.


  Chris Lee

"Kurt Lieber" <[EMAIL PROTECTED]> wrote in message
> On Tuesday 23 October 2001 11:20, Matt Williams wrote:
> > Move it outside the document root
> >
> > or put a .htaccess file inside the dir to deny access. This will still
> > allow system access but will prevent other fopen.
> Either solution still allows anyone with shell access to the machine to
> your password.  Not an ideal solution for shared hosting environments, but
> you're running your own server, it's a great solution.

PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to