> 1) Name your ini files .php so, database.ini will be database.php

Actually I was assuming the configuration file to be a PHP script -- as is typical in big open-source CMSes. I took "ini file" earlier in the thread to be a generic description of any file, whatever the extension, that contains sensitive configuration data.

> Our data will be safe as long as the first line remains there.

And as long as the file is actually handed off to PHP for processing. Seems like there are plenty of situations, none of them too far-fetched, that could cause the web server to mistakenly serve a file with ".php" in its name as a generic text file rather than handling it correctly. I'd rather just have the file outside of DocumentRoot and avoid that risk entirely. But again, maybe that's just unproductive paranoia?

Ben

--
PHP General Mailing List (http://www.php.net/)
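One way to enforce the outside-DocumentRoot placement discussed in this message, as an added example that is not part of the original post: a loader that resolves symlinks and refuses any configuration file that ends up under the document root. The function names, the `database.php` contents and the temporary directory layout are hypothetical and constructed for the demonstration.

```php
<?php
declare(strict_types=1);
// Added example: function names and paths are hypothetical.

/** True when $path resolves (after symlinks) to a location inside $docRoot. */
function is_inside_docroot(string $path, string $docRoot): bool
{
    $realPath = realpath($path);
    $realRoot = realpath($docRoot);
    if ($realPath === false || $realRoot === false) {
        throw new RuntimeException("Cannot resolve $path or $docRoot");
    }
    // Compare with a trailing separator so that /var/www-private is not
    // mistaken for a child of /var/www.
    $root = rtrim($realRoot, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($realPath . DIRECTORY_SEPARATOR, $root, strlen($root)) === 0;
}

/** Load a config file that returns an array, but only from outside DocumentRoot. */
function load_config(string $configPath, string $docRoot): array
{
    if (is_inside_docroot($configPath, $docRoot)) {
        throw new RuntimeException("Refusing $configPath: it lies under DocumentRoot");
    }
    $config = require $configPath; // the file is expected to `return [...]`
    if (!is_array($config)) {
        throw new RuntimeException("$configPath did not return an array");
    }
    return $config;
}

// Constructed demo layout: <tmp>/public is the document root, <tmp>/private is not.
$base = sys_get_temp_dir() . '/docroot-demo-' . getmypid();
mkdir("$base/public", 0700, true);
mkdir("$base/private", 0700, true);
$body = "<?php\nreturn ['dsn' => 'mysql:host=localhost;dbname=app'];\n";
file_put_contents("$base/private/database.php", $body);
file_put_contents("$base/public/database.php", $body);

$config = load_config("$base/private/database.php", "$base/public");
echo 'loaded keys: ', implode(', ', array_keys($config)), PHP_EOL;

try {
    load_config("$base/public/database.php", "$base/public");
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

In a real deployment the second argument would be the server's document root (for example `$_SERVER['DOCUMENT_ROOT']`), and the check would run once at bootstrap.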