My ISP is running PHP3 in safemode as a Apache Module.
This means that I only include files (for example files which contain passwords and usernames for MySQL access) which are located in a web directory (htdocs/) which is accesible to everyone.
My concern is that if some sort of server error or misconfiguration occurs that the PHP3 source code (and thereby passwords and usernames) can be viewed by everybody.
What are the chances of this happening (that the server does not parse the php3 code and just sends the source code)?
What possibilities do I have making my scripts safe?
Can I overide the safemode with .htaccess ?