The following new message has been posted on Phorm Support Forum at <http://www.phorm.com/support/>. *************************************************************************** MESSAGE: (#2318) Re: MySQL settings <http://www.phorm.com/support/?rev=2318> AUTHOR: Patrick O'Hara DATE: February 23, 2003 at 10:08 a.m. EST Reply To: (#2317) MySQL settings Author: moma_news Date: February 23, 2003 at 10:01 a.m. EST Hi there, From a security point of view, if someone asks for a php file in the URL, it will be executed by the server before being sent to the user. Your config file has no echo or print statements in it, so if a user requests that page, the server will send back a totally blank page. Test it if you like. If you use a plain text file, the user can enter it into the URL, and the server will prompt them to download it, unless you have the folder restricted. For security, include the database info in the config file. You wont even need to restrict the php file at all - you can set CHMOD to 755 with no risk. Be careful with the CHMOD settings as some things require global write access. Check your documentation for this. Basically if its a php file its already safe, and if its a txt file, it shouldn't have anything important in it anyway as txt files are used mostly as templates for e-mails etc. Hope this helps, Patrick O'Hara WhitsundayIT QLD, Australia patrick@xxxxxxxxxxxxxxxx www.whitsundayit.com *************************************************************************** This is an automatically-generated notice. If you'd like to be removed from the mailing list, please visit Phorm Support Forum at <http://www.phorm.com/support/>, or send your request to webbbs@xxxxxxxxxx If you wish to respond to this message, please post your response directly to the board. Thank you! ------------------------------------------------- You are receiving this message because you are subscribed to the Phorm mailing list. To send messages to the mailing list, simply send email to phorm@xxxxxxxxxxxxx from the address you have subscribed. You may unsubscribe from the list by sending email to phorm-request@xxxxxxxxxxxxx with 'unsubscribe' in the SUBJECT field.