config files

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

I have a file outside of the web root and this file contains db  
username/passwds, and other config stuff.  I include this file as needed in  
the scripts.  Is this a secure way of doing this?  Would the contents of  
this file ever be visible to web users under normal or abnormal conditions?

Thanks, Mike  

----== Posted via Newsfeeds.Com - Unlimited-Uncensored-Secure Usenet News==---- The #1 Newsgroup Service in the World! 120,000+ Newsgroups
----= East and West-Coast Server Farms - Total Privacy via Encryption =----

Re: config files

Quoted text here. Click to load it

 Security is rarely absolute, but this is a pretty good method in most cases.

Quoted text here. Click to load it

 To web users - not under normal conditions, and it would take a severe bug to
show it under abnormal conditions (i.e. a page that due to a bug allowed direct
display of arbitrary files).

 Note that this is not fully secure on a shared webhost if the other users of
that server (not web users - but server users) aren't trusted, as other users'
PHP scripts are likely to be able to access the file outside the web root if
they know where it is - it's got to be accessible to the webserver, and other
users may be using that webserver.

 If the userbase of the server is trusted, this is fine - e.g. you have a
dedicated server. Even if not, you can make a judgement call as to whether
other users of the server would jeopardise their investment in hosting by
"hacking" other users on the same server.

 There are ways of locking this down further, but you'd probably have to run
PHP as CGI so it ran under your own user credentials - but this has potentially
serious performance implications.

< Space: disk usage analysis tool

Re: config files

Quoted text here. Click to load it

No it will not be visible to the web users
Raj Shekhar                    
blog : home :
Disclaimer :

Site Timeline