Re: Simple open source CMS as a starting point

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Michael A. Peters wrote:
> 
> Another thing the common CMS tools frequently do - they want a
> configuration file that the web server has write permission to that is
> parsed as php by almost every page the app displays. Big mistake - if
> you want a web interface to change settings, store the settings in a
> database table, don't have the web app write them to a file that other
> pages include.
> 
> Finally, another thing they often do is to have a directory the web
> server has write permission to in the web root. Big mistake, you don't
> want apache to have write permission to any directories (or files) that
> it serves, you want to keep those outside the web root and use php to
> grab what needs to grabbed (IE a php wrapper to fetch images that users
> have uploaded).
> 
> Have fun, but if looking at other apps to figure out how to do things,
> just remember that many of the webapps out there are not examples of
> good code and remember that most php books are not written by security
> gurus (I'm not a security guru, and even I've found insecure practices
> in several books).
> 
> Unfortunately a lot of jerks exist who want to own your server and use
> it to spam the world (or attack other servers).

Some good advice, however I have never been able to retrieve my db type,
db name, db user name and db password from the database without first
using these to connect to the database ;-)

-- 
Thanks!
-Shawn
http://www.spidean.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux