|
Posted by Willem Bogaerts on 06/04/07 06:46
> What is this groups overall view on setting up .htaccess with
> something like:
> php_value auto_prepend_file /path/to/password/file.php
>
> Is this a "Good Thing" or a "Bad Thing"? I have not deared to use it
> yet, though if it never "screws up" I'm inclined to think it is more
> secure since the path is hidden even when they can see your scripts.
Why do so in an .htaccess file? Do so in the main apache config.
Besides, I do not think there is much security left if people can see
the source code.
The best way to "protect" the passwords is to make them useless: block
any access from non-known machines (by IP address, for instance).
Best regards,
--
Willem Bogaerts
Application smith
Kratz B.V.
http://www.kratz.nl/
Navigation:
[Reply to this message]
|