Hello again,
Just wondering about something. Given that it's easy enough for a web-user to see the path of db.cgi (i.e. just doing a search for example), then for anyone familiar with DBMan then they would also know that a .cfg file existed too. Although the rest of the files I could put into some other obscure directory, then it would really not be of much use, since once the user knew the path of the .cfg then they could just type the full pathname of the .cfg and then get the path to the other files, including the password file. (because the .cfg would be listed as text in the browser). Is there some way around this that I don't know about ? Is it possible to get db.cgi to look for a .cfg with a different name to the database name or for it to look in a different directory to where db.cgi is? Or is it possible for it not to be displayed as text? I'm currently working on a second database for DBMan, so any mod would need to handle multiple databases. Would it be possible to do a mini-mod in db.cgi to add a web-master defined extra character to the .cfg or something - now I'm rambling, but am a little concerned that someone with DBMan knowledge could gain unauthorised acccess to things that I don't want them to.
Hope someone can suggest something.
Many thanks,
Dave (BigGeorge - or whoever I am)
Just wondering about something. Given that it's easy enough for a web-user to see the path of db.cgi (i.e. just doing a search for example), then for anyone familiar with DBMan then they would also know that a .cfg file existed too. Although the rest of the files I could put into some other obscure directory, then it would really not be of much use, since once the user knew the path of the .cfg then they could just type the full pathname of the .cfg and then get the path to the other files, including the password file. (because the .cfg would be listed as text in the browser). Is there some way around this that I don't know about ? Is it possible to get db.cgi to look for a .cfg with a different name to the database name or for it to look in a different directory to where db.cgi is? Or is it possible for it not to be displayed as text? I'm currently working on a second database for DBMan, so any mod would need to handle multiple databases. Would it be possible to do a mini-mod in db.cgi to add a web-master defined extra character to the .cfg or something - now I'm rambling, but am a little concerned that someone with DBMan knowledge could gain unauthorised acccess to things that I don't want them to.
Hope someone can suggest something.
Many thanks,
Dave (BigGeorge - or whoever I am)