In a virtual hosting environment, even though a directory's permission
is set to 751, you still need to leave world-readable permission on
each individual PHP file that is to be read from a browser.  In a
scenario where there's another user on the same server who can guess (or
even get, from the URL) the name of the PHP files, he can simply: cd
/home/user1/html; more thatfile.php.  If thatfile.php contains the
username/pwd to a db, this can lead to a compromise of that db.
Moreover, many times that db name is the same as the username, and the
db pwd is the same as the user password!

Is there any way one can protect against this?

Thanks
-kittiwat
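
The exposure described in the message above, as an added example that is
not part of the original post: a Python audit that lists the .php files
under a web root that another local account could read. The function name
exposed_files and its two labels are hypothetical; it inspects permission
bits only (no ACLs or group membership) and assumes the directories above
the given root are already searchable by others.

```python
import os
import stat


def exposed_files(root, suffixes=(".php",)):
    """Return [(relative_path, how)] for files another local account can read.

    A file counts as exposed when it has the other-read bit and every
    directory from root down to it has the other-execute (search) bit.
    how is "listable" when the containing directory also grants other-read,
    otherwise "name must be known" (the 751 case: no listing, but a guessed
    or URL-derived file name still opens).
    Assumption: only mode bits are checked, and the directories above root
    are already searchable by others.
    """
    found = []
    for dirpath, dirnames, filenames in os.walk(root):
        dmode = os.stat(dirpath).st_mode
        if not dmode & stat.S_IXOTH:
            # Others cannot enter this directory, so nothing below it is
            # reachable regardless of the modes further down.
            dirnames[:] = []
            continue
        how = "listable" if dmode & stat.S_IROTH else "name must be known"
        for name in filenames:
            if not name.endswith(suffixes):
                continue
            full = os.path.join(dirpath, name)
            fmode = os.lstat(full).st_mode
            # Regular files only; symlinks are reported via their targets
            # if those live under root.
            if stat.S_ISREG(fmode) and fmode & stat.S_IROTH:
                found.append((os.path.relpath(full, root), how))
    return sorted(found)


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel, how in exposed_files(target):
        print(f"{rel}\t{how}")
```

Run it with the web root as the only argument, for example the html
directory from the message; an empty result means no .php file under it is
readable through the "other" permission bits.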



-- 
PHP General Mailing List (http://www.php.net/)