Lucas Prado Melo wrote:
Hello,
Some php applications store database passwords into files which can be
read by the user www-data.
Why not keep them out of the web tree and inform the application
regarding the same. I am sure almost all good applications would provide
a simple way for doing it.
So, a malicious user which can write php scripts could read those passwords.
What should I do to prevent users from viewing those passwords?
I am not sure I understand this. Do you mean the attacker would upload
scripts and execute them to read th config files? If yes then that's a
different problem altogether.
regards
Regards,
Bipin Upadhyay.
http://projectbee.org
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
