The recent thread on security has prompted me to think about
security in a shared server environment.  I want to see if my
understanding is correct ...

Let's say I am in a shared server environment & the provider does
NOT have safe_mode turned on.  In that case, it seems to me that
it is "insecure" to keep "secrets" (e.g., DB passwords) in a PHP
file that is executed by the server.

I say this because any other users of that shared host can read
the PHP file & obtain the secret.  There does not seem to be any
way around this (once again, I am assuming safe_mode is NOT
turned on).

Am I correct?


PHP General Mailing List (
To unsubscribe, visit:

Reply via email to