Say I have a file that contains a single password. It's blocked from Apache to deny access. Then, I create a PHP script that reads this file and does something with the contents (authenticates). Maybe my PHP script says
$pswd = file_get_contents("pswd.txt");
Is this secure? Is there any way for someone to get the value of `$pswd? If the file is blocked from Apache, can it be considered private, even if a PHP script is reading it?
Aucun commentaire:
Enregistrer un commentaire