On Sun, December 3, 2006 9:57 am, tedd wrote: > At 10:35 PM +0100 12/2/06, Alain Roger wrote: >>I'm working on .htaccess file for improving security. >>Based on documentation from PHPSEC.org, we should be able to store >> DB_USER >>login and DB_PASS password in some secret-stuff (for example) file, >> which >>should be located outside root of web document root. (for example in >> some >>/path_to_secret folder) > > The "path_to_secret folder" thing -- I have a question about. > > I'm working with what a host provides me and I've seen paths that I > can traverse/access and paths in a .htpacess file that I can't. For > example, in one site I see a .htaccess file that contains: > > AuthUserFile /home/admin/public_html/_vit_pvt/service.pwd > > But, the "_vit_pvt" folder is not apparent. I can't get to it -- is > this a host file that only they can access, or is there a secret > handshake I need to get to it, or what? That's a bull-crap made-up directory reference that FrontPage or something of that ilk added because everybody uses FrontPage, and everybody uses their lame-brained "security" layout of weird directory names. Replace it with a real AuthUserFile reference. :-) -- Some people have a "gift" link here. Know what I want? I want you to buy a CD from some starving artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php