[htdig] Possible security risk with local_url and server site includes

Marc Dietrich (Marc.Dietrich@hrz.uni-giessen.de)
Thu, 30 Sep 1999 15:21:51 +0200 (CEST)


I have a question concerning the ´local_urls´ directive. We are using
apache´s php module to embet mysql databases in our html pages. This
(should) require a password in the php3_mysql_pconnect() function.
Normaly the server replaces the php commands by database entries, so if
read through the browser, no password is seen.
Now the question: does htdig read such (.php?) files through the
filesystem (which will cause security problems) or does it fetch them
through the server?


Marc Dietrich

Marc Dietrich marc.dietrich@physik.uni-giessen.de

To unsubscribe from the htdig mailing list, send a message to
htdig@htdig.org containing the single word unsubscribe in
the SUBJECT of the message.

This archive was generated by hypermail 2.0b3 on Thu Sep 30 1999 - 07:02:02 PDT