[phorm] [Phorm:] Re: MySQL settings

• From: webbbs@xxxxxxxxx
• To: support@xxxxxxxxx
• Date: 23 Feb 2003 15:08:46 -0000

The following new message has been posted on Phorm Support Forum at 
<http://www.phorm.com/support/>. 

*************************************************************************** 

  MESSAGE:  (#2318) Re: MySQL settings 
            <http://www.phorm.com/support/?rev=2318> 
  AUTHOR:   Patrick O'Hara 
  DATE:     February 23, 2003 at 10:08 a.m. EST 

  Reply To: (#2317) MySQL settings 
  Author:   moma_news 
  Date:     February 23, 2003 at 10:01 a.m. EST 

Hi there, 

From a security point of view, if someone asks for a php file in the URL, it 
will be executed by the server before being sent to the user. Your config file 
has no echo or print statements in it, so if a user requests that page, the 
server will send back a totally blank page. Test it if you like. 

If you use a plain text file, the user can enter it into the URL, and the 
server will prompt them to download it, unless you have the folder restricted. 
For security, include the database info in the config file. You wont even need 
to restrict the php file at all - you can set CHMOD to 755 with no risk. 

Be careful with the CHMOD settings as some things require global write access. 
Check your documentation for this. Basically if its a php file its already 
safe, and if its a txt file, it shouldn't have anything important in it anyway 
as txt files are used mostly as templates for e-mails etc. 

Hope this helps, 

Patrick O'Hara 
WhitsundayIT 
QLD, Australia 

patrick@xxxxxxxxxxxxxxxx 
www.whitsundayit.com 

*************************************************************************** 

This is an automatically-generated notice.  If you'd like to be removed from 
the mailing list, please visit Phorm Support Forum at 
<http://www.phorm.com/support/>, or send your request to webbbs@xxxxxxxxxx  If 
you wish to respond to this message, please post your response directly to the 
board.  Thank you! 
-------------------------------------------------
You are receiving this message because you are subscribed to the Phorm mailing 
list. To send messages to the mailing list, simply send email to 
phorm@xxxxxxxxxxxxx from the address you have subscribed. You may unsubscribe 
from the list by sending email to phorm-request@xxxxxxxxxxxxx with 
'unsubscribe' in the SUBJECT field.

Other related posts:

• » [phorm] [Phorm:] Re: MySQL settings
• » [phorm] [Phorm:] Re: MySQL settings

1. Home
2. phorm
3. Archive
4. 02-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---