Menu
▾
▴
Re: [Phpwiki-talk] index.php vs config.php
|
From: Jeff D. <da...@da...> - 2002-09-16 19:45:59
|
> First it would be in PHP, I hate writing Perl. My current first choice would be python :-) More seriously, many people may not have the CGI/standalone version of PHP installed (properly) which makes running standalone PHP scripts a bit problematic. The standalone PHP does not seem to be available in the RedHat 7.1 distribution, for example (though it is included in the 7.2 RPMs --- dunno about 7.3.) > My main motivation is to avoid exposing my database settings over the > web. Do you want it potentially available on the web that your data is > in a MySQL database named 'phpwiki' on host 'sql.example.com' and logs > into that database as 'wikiuser' with the password of 'securepasswd'? I see your point. Perhaps the configurator script could be made so that it doesn't reveal the current values of sensitive settings --- it would still, of course, give you the option to change the setting to something else. You'd see something like: MySQL database name: <has been set, not shown for security reasons> Change to: _______________________ (Or if a database name hasn't yet been set) MySQL database name: _________________________ An alternative would be to make it so that the configurator never reads the installed config file. Instead give the user an opportunity to POST a config file from which settings would be pulled. |
