Posted by Sandman on 04/29/06 23:23

In article <ksH4g.117$ZM6.102@fe05.usenetserver.com>,
David Haynes <david.haynes2@sympatico.ca> wrote:

> 1. How is this specific to Unix and/or home directories? It seems more
> about keeping private data in the web server space.

Indeed.

> 2. Why not keep most of your private data in a database? That is not
> within the web server space but can be accessed as needed.

Well, information about how to connect to the database and
username/password couldn't really be kept in the database you're
trying to connect to.

> 3. If you need to store private data within the web server space, why
> not encrypt it first?

The OP was probably mostly talking about "download your PHP guestbook
now" type of scripts, where the scripts has its settings in a file
that needs to be resided on the same path as the script itself, for
convenience - since the programmer, or program, doesn't know where
"Outside the web scope is" for all the people that will download the
script.

Encrypting such a file needs the user to know HOW to encrypt it. A
startup process that asks - via web forms - for the passwd/user and
then saves and reades them encrypted would be a good idea.-



--
Sandman[.net]

[Back to original message]