hi,

On 6/4/07, Rick Welykochy <[EMAIL PROTECTED]> wrote:
> Simon Males wrote:
>
> > One reason I have heard is to have DB passwords outside the web root,
> > just in case permissions go all weird and are being openly displayed on
> > the interweb.
>
> This works only if the web admin has securely sandboxed each
> web user from the others. On a shared service, if each user
> is not su-exec'd properly, it is child's play to open another
> user's scripts and include files and read passwords and other
> "privileged" information.

very true, but in no way an argument against keeping such things out
of the webroot. "if you have control of the hosting setup" is the key
phrase here.

cheers
justin
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
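
Added example, not part of the original thread: a small audit that checks a credentials file against both conditions discussed above, namely whether it sits inside the web root and whether it is readable beyond the account that owns it. The function name, finding labels, `script_uid` parameter and directory layout are assumptions made for illustration.

```python
import os
import stat
import tempfile


def audit_secret_file(path, web_root, script_uid):
    """Return findings for one credentials file (names are illustrative)."""
    findings = []
    real = os.path.realpath(path)        # follow symlinks first
    root = os.path.realpath(web_root)
    # commonpath avoids treating /srv/www-private as being inside /srv/www
    if os.path.commonpath([real, root]) == root:
        findings.append("inside-web-root")
    st = os.stat(real)
    if st.st_mode & stat.S_IROTH:
        findings.append("world-readable")
    # If scripts do not run as the file's owner (no su-exec style wrapper),
    # the shared server identity needs read access, and so does every
    # other tenant's script running under that same identity.
    if st.st_uid != script_uid:
        findings.append("scripts-not-run-as-owner")
    return findings


def demo():
    """Build a constructed directory layout and audit three cases."""
    me = os.getuid()
    with tempfile.TemporaryDirectory() as home:
        web_root = os.path.join(home, "public_html")
        private = os.path.join(home, "private")
        os.mkdir(web_root)
        os.mkdir(private)
        exposed = os.path.join(web_root, "db.inc")
        hidden = os.path.join(private, "db.inc")
        for p, mode in ((exposed, 0o644), (hidden, 0o600)):
            with open(p, "w") as fh:
                fh.write("constructed placeholder, not a real password\n")
            os.chmod(p, mode)
        return {
            "in_root": audit_secret_file(exposed, web_root, me),
            "outside": audit_secret_file(hidden, web_root, me),
            "shared_uid": audit_secret_file(hidden, web_root, me + 1),
        }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

The third case shows that a file outside the web root with mode 0600 still gets a finding when scripts run under a uid other than the owner's.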
