Joe C wrote: > How can XML be more secure than PHP for storing passwords?
Well I qualified my remark by saying that the XML outside the webroot is is superior to the in-php-script approach. > I just don't see how that could be possible. I realize that if PHP is > having issues it can display your stuff, but if that .htaccess file > gets renamed the same thing can happen & you wouldn't notice that as > easily as seeing PHP is broken for your site. Given that the xml file in this case is in the web root, I agree with you. I also have to consider Stuart's point that the XML file in the web root is a bad design, and it makes one wonder about the soundness of the rest of the code. /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
