Jon Daley wrote:
On Tue, 21 Mar 2006, Colin Alston wrote:
But be sure you don't make the site go live unless you're sure the outside world does not have access to your configuration (namely database passwords).
How would that happen? The passwords are stored in a php file, so I
don't believe accessible from outside the machine. And local file access isn't affected by .htaccess.
It only has to happen once if a configuration slips and your apache doesn't interpret a php file and the whole world sees you with your underpants around your ankles. It's not worth the risk, security by obscurity is no security at all.