The recent thread on security has prompted me to think about security in a shared server environment. I want to see if my understanding is correct ...
Let's say I am in a shared server environment & the provider does NOT have safe_mode turned on. In that case, it seems to me that it is "insecure" to keep "secrets" (e.g., DB passwords) in a PHP file that is executed by the server. I say this because any other users of that shared host can read the PHP file & obtain the secret. There does not seem to be any way around this (once again, I am assuming safe_mode is NOT turned on). Am I correct? -- JR -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
