Hi,
> The only reason that I was so adamant about it was I had a 'heated'
> discussion with a business associate who's server was compromised - and he
> was, lets say, insistant that the fact that there were database
> passwords in
> a php file inside the webroot was the reason it was insecure. I
> just wanted
> to know if I was wrong in saying that the passwords were not compromised
> without the server access being compromised....
>
> (not to mention the clear text password accesses, the wildcarded mysql
> access on a remote host passed in clear text, the lack of ssl on pages
> collection cc information, same root passwords across the network and
> dictionary hackable passwords for users :) Oh, and did I mention the non
> ssh telnet access from internet café's?)
Wow! Sounds like you have more important issues to worry about then where
you have your mysql connect info!
-Dan Joseph
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
