[FX.php List] Security Question

Kevin Futter kfutter at sbc.melb.catholic.edu.au
Tue Apr 29 21:14:59 MDT 2008


On 25/04/08 8:21 AM, "Jonathan Schwartz" <jschwartz at exit445.com> wrote:

> Hi Folks,
> 
> I'm interested to know if folks store username, passwords and other
> sensitive data in the FX/server-data.php file. Or, do you relocate
> these "keys to the kingdom" to a remote location?  I have seen advise
> to keep the info out of the web server folder altogether.
> 
> Any advise?
> 
> J

I store them there, and haven't had any problems (that I know about), but
keeping them as far away from the end user as possible is always a good
idea. However, I'm not sure how you'd go about this and still have them
available to PHP, keeping in mind I'm no expert in PHP include paths.

In my case though, the credentials in server_data.php just grant access to
FM files; the nature and extent of that access is controlled by the files
themselves. For user authentication, we use Active Directory and LDAP
anyway, so that's not a FileMaker issue for us.

-- 
Kevin Futter
Webmaster, St. Bernard's College
http://www.sbc.melb.catholic.edu.au/


#####################################################################################
This e-mail message has been scanned for Viruses and Content and cleared 
by MailMarshal
#####################################################################################

This e-mail and any attachments may be confidential. You must not disclose or use the information in this e-mail if you are not the intended recipient. If you have received this e-mail in error, please notify us immediately and delete the e-mail and all copies. The College does not guarantee that this e-mail is virus or error free.  The attached files are provided and may only be used on the basis that the user assumes all responsibility for any loss, damage or consequence resulting directly or indirectly from the use of the attached files, whether caused by the negligence of the sender or not. The content and opinions in this e-mail are not necessarily those of the College.


More information about the FX.php_List mailing list