>For instance, PHP scripts have to be world readable. Which
>means that anyone who hard coded in a username and password to their mysql
>database are putting their database at risk.
Actually, is possible to restrict permissions. I have my permissions on some
PHP scripts set to 700,750, 600 and 6
> I have looked around the web and have yet to find a good tutorial on how to
> enable SuEXEC to work with PHP.
>
Use the CGI version.
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org
Cl
I personally don't see this as a major problem, ASP and Cold Fusion do
things the same way. If you work the security end of things correctly,
people shouldn't be able to see your config file that you can include from
somewhere else . . . that people can't see or have a mimetype returned
properly.
