I have a client that brought to my attention a very interesting problem.

He has a website (www.domain.com) and he has a PHP page on it (order.php) that connects to the database. He has the user and pass in the page.


This is a Linux server.

It seems that another person on the server could just figure out what directory he is in, then just do "vi order.php", so they could read the user and pass and then connect to the database and steal information, or even steal the scripts.

I hope I explained this OK.

Does anybody have a solution to this?

I sure hope so.
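
The exposure described in the post above comes down to permission bits: another local account can open order.php only if the file grants read to "other" and every directory above it grants search (x) to "other". The script below is an added example, not part of the original post, that audits a web root for PHP files in that state. The function names and the sample tree are hypothetical, and it looks at mode bits only (not ACLs or group membership).

```shell
#!/bin/sh
# Added example: list PHP files that other local accounts can read,
# judged by permission bits alone. All names here are hypothetical.

# has_mode PATH OCTAL -> true if every bit in OCTAL is set on PATH
has_mode() {
    [ -n "$(find "$1" -maxdepth 0 -perm -"$2" 2>/dev/null)" ]
}

# other_can_read FILE TOP -> true if "other" has read on FILE and search (x)
# on each directory from FILE's directory up to and including TOP
other_can_read() {
    file=$1; top=$2
    has_mode "$file" 004 || return 1
    dir=$(dirname "$file")
    while :; do
        has_mode "$dir" 001 || return 1
        [ "$dir" = "$top" ] && return 0
        [ "$dir" = "/" ] && return 0
        dir=$(dirname "$dir")
    done
}

# audit_webroot TOP -> print each *.php under TOP that "other" can read
audit_webroot() {
    find "$1" -type f -name '*.php' | while IFS= read -r f; do
        if other_can_read "$f" "$1"; then echo "$f"; fi
    done
}

# demo: constructed sample tree; only order.php is reported, because
# private/ (mode 750) blocks traversal even though db.php itself is 644
demo() {
    t=$(mktemp -d) && mkdir -p "$t/site/private"
    echo '<?php /* constructed sample */' > "$t/site/order.php"
    cp "$t/site/order.php" "$t/site/private/db.php"
    chmod 755 "$t/site"
    chmod 750 "$t/site/private"
    chmod 644 "$t/site/order.php" "$t/site/private/db.php"
    audit_webroot "$t/site"
    rm -rf "$t"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Run it with the argument `demo` to see the constructed case, or call `audit_webroot` on a real document root.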

