Quote:
From Anup:just have to do a cat /path_to_def_files and see the database name and password.You are correct in that a user wouldn't be able to access a file from a shell but it won't prevent a hacker from writing a perl script (to rus as nobody from a browser) and getting at the def files.
All in all, the results are the same, security is compromised, the hacker just used a different door to walk through.
~Charlie