A problem from a developer in trouble.
roundcube at jon.limedaley.com
Tue Mar 21 13:48:08 CET 2006
On Tue, 21 Mar 2006, Colin Alston wrote:

>> How would that happen? The passwords are stored in a PHP file, so I
>> don't believe they are accessible from outside the machine. And local file access
>> isn't affected by .htaccess.

> It only has to happen once if a configuration slips and your Apache doesn't
> interpret a PHP file and the whole world sees you with your underpants around
> your ankles.

Ok, but why put code in the .htaccess? All that has to happen is
Apache set to ignore .htaccess files, and ...

> It's not worth the risk, security by obscurity is no security at all.

I believe that security through obscurity can actually be one
valid level of security (after all, in the extreme case, that's all a
password ever really is). (Linus Torvalds)