Adam Q wrote:
Putting the files outside the document root is secure, I agree... But how can you be sure of this with an open source application (as opposed to internally developed)? People are likely to drop your application anywhere in their web tree they think it fits.
you document the problem ..
you can even try to implement some detection based on the relativ location from the database file and the script that was called.
but in the end if incompetent people setup a system it is bound to have flaws. if they are not willing to pay competent people its their problem really, especially if they are also too lazy to read the docs and take care of warnings. this will be the same problem regardless if its opensource or not.
regards, Lukas
-- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
