|
|
Posted by Chuck Anderson on 08/07/06 23:41
My shared host used to have Php configured such that I could place a
php.ini file into any directory on my site and that was the php.ini file
that the Php cgi would use when it ran scripts.
Since upgrading to Php5.1 that is no longer possible (not allowed in
Php5.1 (?) ).
Anyway, ... this was a very handy way for me to set the include path so
that I could keep files with sensitive data (e.g., database usernames,
passwords) out of the site's public path.
My hosting service has actually rolled back to Php5.0 so that I could
continue doing as I had been ... with the caveat that they will
ultimately have to go with 5.1.
So, I have a set of questions.
1. Is there another way that I can set the include path globally for my
site? (Adding them to htaccess throws a 500 server error.)
2. How much security is really gained by moving sensitive include files
out of the site path (my include files all use the .php extension)?
Should I even be that concerned about this capability?
3. Would I gain the same security if I changed my current include files
(which I would have to put back into the public site path) to do nothing
but set include_path outside the public site and then include a new,
secondary file which actually contains the sensitive data?
4. Does anyone know why I *can* use local php.ini files in 5.01 and not
in 5.1?
--
*****************************
Chuck Anderson • Boulder, CO
http://www.CycleTourist.com
*****************************
Navigation:
[Reply to this message]
|