> If a hacker sees this and knows anything about JAMES, they could take
> advantage that the config.xml file is clear text and easily displays a
> database username and password to someone who could hack into the
> computer.
If someone can see the fact that you are running any particular service, and
by that fact gain access to your file system, then you've got other
problems.
Your priority should be to run a secure server. Typically, that means ABW.
My server is running James and MySQL. In fact, I have other servers
elsewhere in the city that perform real-time replication with the primary
database.
Here are the open TCP ports on my production server:
22/tcp open ssh
25/tcp open smtp
80/tcp open http
110/tcp open pop-3
You'll notice that MySQL is nowhere to be found.
--- Noel
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
