Well since you can relocate the wp-config.php file you could use WordPress.

http://wordpress.org/download/
http://wordpress.org/extend/plugins/wp-e-commerce/

From what I've found it looks like they made it so you don't have to do anything if you just moved the file up one folder. So if you didn't install WordPress to the web root you would need to do something like what the following URL has listed under "Protect the WP-Config by Moving the File".

http://www.devlounge.net/code/protect-your-wordpress-wp-config-so-you-dont-get-hacked

On Wed, May 26, 2010 at 7:50 PM, Michael Torrie <[email protected]> wrote:
> Joe C wrote:
>> How can XML be more secure than PHP for storing passwords?
>
> Well I qualified my remark by saying that the XML outside the webroot is
> superior to the in-php-script approach.

I must have missed the bit about the XML file being outside of the web root on my first read through. I will admit on the subject of Magento that I've only dealt with it from tech support for a web host. So I hated it when people would get hacked because they did something stupid; of course they would blame us even though they were running insecure scripts that they never bothered to update. Some popular options were never updating scripts, using OSCommerce instead of the bug fix called Zencart (They fixed the reliance on register_globals that OSCommerce & many of its templates needed). Oh, that reminds me of another one that was popular: a Flash form that submitted to a PHP script that was so crappy that it needed register_globals enabled as well.

>> I just don't see how that could be possible. I realize that if PHP is
>> having issues it can display your stuff, but if that .htaccess file
>> gets renamed the same thing can happen & you wouldn't notice that as
>> easily as seeing PHP is broken for your site.
>
> Given that the xml file in this case is in the web root, I agree with
> you. I also have to consider Stuart's point that the XML file in the
> web root is a bad design, and it makes one wonder about the soundness of
> the rest of the code.
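
The point about moving wp-config.php "up one folder" can be checked mechanically. The following is an added example, not part of the original message and not WordPress code: an audit sketch whose lookup order (install directory first, then its parent) is modeled on what WordPress does in wp-load.php. The function names and the `public_html` layout are constructed for illustration.

```python
import os
import tempfile

def locate_wp_config(abspath):
    """Return the wp-config.php an install at `abspath` would load, or None."""
    abspath = os.path.realpath(abspath)
    here = os.path.join(abspath, "wp-config.php")
    if os.path.isfile(here):
        return here
    parent = os.path.dirname(abspath)
    up = os.path.join(parent, "wp-config.php")
    # The parent copy is ignored when the parent is itself a WordPress install.
    if os.path.isfile(up) and not os.path.isfile(os.path.join(parent, "wp-settings.php")):
        return up
    return None

def inside_docroot(path, docroot):
    """True if `path` resolves to a location under the web root."""
    path, docroot = os.path.realpath(path), os.path.realpath(docroot)
    return os.path.commonpath([path, docroot]) == docroot

def audit(abspath, docroot):
    cfg = locate_wp_config(abspath)
    if cfg is None:
        return "missing"
    return "exposed" if inside_docroot(cfg, docroot) else "outside"

def demo():
    """Build two constructed layouts in a temp dir and audit each."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        docroot = os.path.join(tmp, "public_html")
        os.makedirs(docroot)
        # Case 1: WordPress in the web root, config moved one folder up.
        open(os.path.join(tmp, "wp-config.php"), "w").close()
        results["root_install"] = audit(docroot, docroot)
        # Case 2: WordPress in public_html/blog, config moved one folder up.
        blog = os.path.join(docroot, "blog")
        os.makedirs(blog)
        open(os.path.join(docroot, "wp-config.php"), "w").close()
        results["subdir_install"] = audit(blog, docroot)
    return results

if __name__ == "__main__":
    print(demo())
```

For the subdirectory install, the parent folder is still the web root, so the relocated file remains web-reachable and depends on PHP or .htaccess behaving correctly.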
