Simon Males wrote:
One reason I have heard is to have DB passwords outside the web root,
just in case permissions go all weird and are being openly displayed on
the interweb.
This works only if the web admin has securely sandboxed each
web user from the others. On a shared service, if each user
is not su-exec'd properly, it is child's play to open another
user's scripts and include files and read passwords and other
"privileged" information.
cheers
rickw
--
_________________________________
Rick Welykochy || Praxis Services
Never keep up with the Joneses. Try to drag them down to your level. It's
cheaper.
--Quentin Crisp
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
