> "Maybe I am missing something totally obvious, but if the server is set up > to > properly parse php files - having configs outside of the doc root should not > make much of a security difference? > " > > Is this a true statement or not? (of course we have to make the assumption > that server access has not been compromised....)
There was a version of php where exactly this sort of hole existed under certain conditions. That hole does not exist in the present version. Check the security announcements for details. However, you should always consider a file extension among the weaker class of protections. -- Joel Rees, programmer, Kansai Systems Group Altech Corporation (Alpsgiken), Osaka, Japan http://www.alpsgiken.co.jp -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
