2009/8/14 João Cândido de Souza Neto <joao@xxxxxxxxxxxxxxxxxxx>: > I think a good solution is to put the ini file out of your html folder so > only your scripts can read it. I agree, and I try to do the same, but I've noticed that most open-source CMSes I've looked at (Drupal, Joomla, Textpattern, CMS Made Simple) have always stored database credentials inside of DocumentRoot, by default. Not sure if this is a compromise to allow ease-of-use by less-technical users, or if my insistence on putting this sort of file outside of DocumentRoot is just paranoia (and not the good kind). I'd definitely be interested to hear how others on the list approach this problem. And that's only one part of the equation, if you're on a shared-hosting platform. Are you, or do you have your own server? Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
