Hi Jonathan, Sensible questions actually.
I would expect the situation to be the same as with php. In that situation, if php crashes or becomes unavailable for some reason, and precautions have not been taken, the webserver will serve the source script rather than its output. I expect this applies to irev too. It is usual to store database connection credentials in an include so it can be accessed by multiple pages. If the hosting setup allows for includes to be stored above webroot where the webserver has no access but the scripting language does, then includes should be placed there. If storage above webroot is not possible, keep includes in their own directory having an htaccess (assuming apache) as follows: <files "*.*"> order allow,deny deny from all </files> This bars the webserver from accessing any files in the directory, but does not bar the scripting engine. I expect that would work with irev too. Martin Baxter On 10/02/2012 12:18, Jonathan Lynch wrote: > Hi everyone, > > If I have an iRev page that is going to access a database, I have to > use a database query that includes the user name and password. Is it > safe to put that information directly into the iRev page? That seems > risky to me. > > If I put the information into another page and I use a script to pull > in the information, wouldn't a hacker be able to look at the script, > learn the location of the other page, and then directly access that > page? > > I realize that the scripts on an iRev page do not show up when you > view the source of the page through a browser. Does this mean that > the script information on an iRev page is genuinely secure? > > I appologize if these are ignorant questions. > > Many thanks, > > Jonathan > _______________________________________________ use-livecode mailing list [email protected] Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
