On Sat, December 2, 2006 3:35 pm, Alain Roger wrote: > I'm working on .htaccess file for improving security. > Based on documentation from PHPSEC.org, we should be able to store > DB_USER > login and DB_PASS password in some secret-stuff (for example) file, > which > should be located outside root of web document root. (for example in > some > /path_to_secret folder) I think .htaccess *is* the file being included... It might be possible to use Apache's . operator (I think it's . ) to suck in yet another file, outside the web root, so that a change to the rules about not serving up .ht* files would not matter to that file to be included... But you've strayed into the "this is an Apache question" realm pretty heavily... http://apache.org/ probably addresses this somewhere, one way or the other, if you dig enough. -- Some people have a "gift" link here. Know what I want? I want you to buy a CD from some starving artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
