>> That does not stop another php user fopen'ing your config file.
This is a point that needs to be stressed. The other posts about keeping db
connection info outside of the web tree and naming the files .php are good
ones, but even with them, there can be major security problems on a shared
vir
At 6:22 PM +1000 9/5/01, speedboy wrote:
> > $0 option:
>> Put your user ID and password in a config file, then give only the
>> webserver user access to it. Read the config file to make it work. This
>> also allows easy switching between test and production environments.
>
>You can't change