Posted by Sandman on 04/29/06 23:25
In article <1146331981.634291.288790@g10g2000cwb.googlegroups.com>,
"Chung Leong" <chernyshevsky@hotmail.com> wrote:
> Pointless rant. In a typical setup the database server isn't
> accessible to the outside world, so the risk of exposure through a
> misconfigured web server isn't that unreasonable to take. The database
> login/password is only useful to someone who can access the
> database--i.e. another account on the same server. Putting your config
> file in your home directory does not prevent him from reading it.
See another one of my posts in my thread here, where this actually
happened. A user gained access to my MySQL server through a
user/passwd file kept outside the web scope, using the web server's
granted connection to the database. :)
--
Sandman[.net]