On Jul 11, 2007, at 3:44 PM, Justin Giboney wrote:
So, I am reading the book "Essential PHP Security", and I came
across the part about the mysql username and password, and I have a
question.
How can someone read a include ending in PHP? I thought the PHP
code never left the server. He says that the file should not be in
a public folder, which I can understand, but since you see nothing
when that page is called through the internet, how can it be read?
I believe he's being extra careful, in the rare event that PHP might
break and Apache serve up .php files as plain text. I've seen it
happen once.
_______________________________________________
UPHPU mailing list
[email protected]
http://uphpu.org/mailman/listinfo/uphpu
IRC: #uphpu on irc.freenode.net
