On 24/08/2004, at 12:34 AM, Zeev Suraski wrote:
At 17:16 23/08/2004, Ilia Alshanetsky wrote:Here is the simple truth, if you are using a shared hosting solution that is
not VPS (Virtual Private Server) it would be relatively trivial for other
users of the system to access any file that the webserver has access to.
Your <? trick is a cool idea though :)
Zeev
Yes, I think that <? idea is what I was hoping somebody would provide!!! ;) I could have the answer I was looking for (but didn't know how to find ;)
I hope nobody though I was overly zealous in my stating my point. ;(
But I didn't want to be brushed aside, just because I was saying something as yet unsolved.
I thought more about the issue last night and I guess it can be summaried as thus:
In skilled hands an SQLite DB can be potentially more secure than a standard DB - but in unskilled hands the reverse is true, and SQLite becomes seriously insecure. Standard DBs don't vary to the same extent.
Could we have SQLite DB creation "option" that creates the DB with a header that begins <?php? (SQLite DBs are close to normal text in the first 20 chars anyway... ) - either way, I'm going to do some testing of Ilia's create table option and see if I can get around it.
Wow I can't believe I might be able to use an SQLite DB after all.
Thanks all, Adam
-- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
