On Thursday 06 November 2003 13:36, Chris Shiflett wrote:

> For example, if you store your sessions in a database, it's pretty trivial
> for another user to write a PHP script that allows him/her to navigate the
> filesystem, searching for your database access credentials. After all, if
> Apache/PHP can read the file that contains this information, then it's
> fair game for anyone else on the same server. With your database access
> credentials, it's pretty easy to manipulate session data.

Apache hosts can minimise this problem by hardcoding the mysql access
credentials into the <VirtualHost> containers.

> If security is super important to you, hopefully you can afford a
> dedicated server.

Absolutely.

--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *

--
PHP General Mailing List (http://www.php.net/)
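
One way to put the credentials into the <VirtualHost> containers, as the reply above suggests. This is an added example, not part of the original messages. It assumes mod_php and the legacy mysql extension's mysql.default_* settings; all host names, paths, account names and passwords are constructed placeholders.

```apache
# httpd.conf fragment (added illustration; every value below is a placeholder).
# Keep this file owned by root and not world-readable (for example mode 0600).
# Apache parses it as root at startup, before switching to its unprivileged
# user, so a PHP script run by another customer cannot open it from the
# filesystem the way it could open a config.inc.php under a document root.

<VirtualHost *:80>
    ServerName   customer-a.example
    DocumentRoot /var/www/customer-a/htdocs

    # php_admin_value cannot be overridden from .htaccess or ini_set().
    # mysql_connect() called with no arguments picks these values up.
    php_admin_value mysql.default_host     "localhost"
    php_admin_value mysql.default_user     "customer_a"
    php_admin_value mysql.default_password "PLACEHOLDER-PASSWORD-A"
</VirtualHost>

<VirtualHost *:80>
    ServerName   customer-b.example
    DocumentRoot /var/www/customer-b/htdocs

    # Separate MySQL account per virtual host, granted only on that
    # customer's own database, so one site's settings are useless for
    # reading another site's session table.
    php_admin_value mysql.default_host     "localhost"
    php_admin_value mysql.default_user     "customer_b"
    php_admin_value mysql.default_password "PLACEHOLDER-PASSWORD-B"
</VirtualHost>
```

The settings apply only to requests served by their own virtual host, but any script inside that host can still read them with ini_get() or phpinfo(), so this separates customers from each other rather than hiding the password from the site's own code.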