> I suppose include() can be used to include files from remote > systems(not on > WINDOWS).
Only if the sysadmin running your web server allows it, which they should not. > A webmaster on the same server can always use a path like > "/home/htdocs/.../config.php" and include my config .php which contains my > database password !! Not quite, but if you are on a shared server hosted by somebody else, there is a potential problem. If somebody can figure out the name of the function that opens the database, they could call it, potemtially giving access to the data. You could use the solution posted by Justin French to make sure that the function does nothing for them when they call it. As other people have said, your hosting organisation should set the system up so that nobody can read your PHP code, and that nobody outside the host computer can include it. However, I think it would be difficult for them to stop another user on the same server including your code. If you run your own server, you can set it up so that each webmaster is locked into a private environment, but it's messy. According to me, you would need a separate copy of apache for each site, each running under a different user, and they would need to run on separate ports, which is a nuisance. Simon Ritchie Download my introduction to PHP for $25: http://merrowinternet.com/downloads?source=ml -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php