Shawn McKenzie wrote:
Michael A. Peters wrote:
Another thing the common CMS tools frequently do - they want a
configuration file that the web server has write permission to that is
parsed as php by almost every page the app displays. Big mistake - if
you want a web interface to change settings, store the settings in a
database table, don't have the web app write them to a file that other
pages include.
Some good advice, however I have never been able to retrieve my db type,
db name, db user name and db password from the database without first
using these to connect to the database ;-)
Since the database user used by the script shouldn't have db admin
privileges, it doesn't make sense to be able to change those from a
webapp admin interface anyway, changing those should require shell login.
Yes, I saw the wink, but restricting the privileges of the DB user is
worth mentioning anyway.
I suppose they could be changed via phpMyAdmin if you run it (I don't,
but if I did, it would have to be from an SSL served directory with
mod_auth protection)
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php