[tskou]

My ISP is running PHP3 in safemode as a Apache Module.
This means that I only include files (for example files which contain passwords and usernames for MySQL access) which are located in a web directory (htdocs/) which is accesible to everyone.
My concern is that if some sort of server error or misconfiguration occurs that the PHP3 source code (and thereby passwords and usernames) can be viewed by everybody.
What are the chances of this happening (that the server does not parse the php3 code and just sends the source code)?
What possibilities do I have making my scripts safe?
Can I overide the safemode with .htaccess ?

Tom.

[esconsult1]

I end up storing those kinds of files outside of the root folder ie.
/home/myhome/config/passwords.inc
instead of
/home/myhome/htdocs/passwords.inc

This way, if some misconfiguration occurs, then it would just show the include line, and nothing else.

------------------

[tskou]

Hi, thanks for your suggestion.
But your suggestion will not work when php runs in safe mode: you are only allowed to include files from the htdocs folder.

Tom

[esconsult]

Tom,
I guess I did not read your question correctly.

Do this:
1. Create a new .htaccess protected directory and place your includes in it.
2. Include them from your scripts.

So if the server is not configured for PHP, it will ask you for a password if someone goes in there. Otherwise it will just echo the main PHP script as a text file.

------------------
PHP, Perl, SQL Programming at http://www.mentalobjects.com