Thanks guys, I think I can figure out the details from there. Take care :)
J On Fri, Feb 10, 2012 at 8:19 AM, Martin Baxter < [email protected]> wrote: > Hi Jonathan, > > Sensible questions actually. > > I would expect the situation to be the same as with php. In that > situation, if php crashes or becomes unavailable for some reason, and > precautions have not been taken, the webserver will serve the source > script rather than its output. I expect this applies to irev too. > > It is usual to store database connection credentials in an include so it > can be accessed by multiple pages. If the hosting setup allows for > includes to be stored above webroot where the webserver has no access > but the scripting language does, then includes should be placed there. > > If storage above webroot is not possible, keep includes in their own > directory having an htaccess (assuming apache) as follows: > > <files "*.*"> > order allow,deny > deny from all > </files> > > This bars the webserver from accessing any files in the directory, but > does not bar the scripting engine. I expect that would work with irev too. > > Martin Baxter > > On 10/02/2012 12:18, Jonathan Lynch wrote: > > Hi everyone, > > > > If I have an iRev page that is going to access a database, I have to > > use a database query that includes the user name and password. Is it > > safe to put that information directly into the iRev page? That seems > > risky to me. > > > > If I put the information into another page and I use a script to pull > > in the information, wouldn't a hacker be able to look at the script, > > learn the location of the other page, and then directly access that > > page? > > > > I realize that the scripts on an iRev page do not show up when you > > view the source of the page through a browser. Does this mean that > > the script information on an iRev page is genuinely secure? > > > > I appologize if these are ignorant questions. > > > > Many thanks, > > > > Jonathan > > > > > _______________________________________________ > use-livecode mailing list > [email protected] > Please visit this url to subscribe, unsubscribe and manage your > subscription preferences: > http://lists.runrev.com/mailman/listinfo/use-livecode > -- Do all things with love _______________________________________________ use-livecode mailing list [email protected] Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
