A problem from a developer in trouble.

Jon Daley roundcube at jon.limedaley.com
Tue Mar 21 13:48:08 CET 2006


On Tue, 21 Mar 2006, Colin Alston wrote:
>>     How would that happen?  The passwords are stored in a php file, so I 
>> don't believe accessible from outside the machine.  And local file access 
>> isn't affected by .htaccess.
>
> It only has to happen once if a configuration slips and your apache doesn't 
> interpret a php file and the whole world sees you with your underpants around 
> your ankles.
 	OK, but why put code in the .htaccess? All that has to happen is for 
Apache to be set to ignore .htaccess files, and ...

> It's not worth the risk, security by obscurity is no security at all.
 	I believe that security through obscurity can actually be one 
valid level of security (after all, in the extreme case, that's all a 
password ever really is). (Linus Torvalds)



