3
As I read more about PHP and security and such it makes me wonder why it wasn't written to be put in a "trusted directory" in the first place.
Was it figured out that this format was the best format to be most compatible with everyone out there? I am assuming some setups don't allow for a directory/folder not in htdocs directory.
Guessing at this point it would be a big project to get it to work in such a format.
Seems to me that the potential of having access to the source code (Even if you have just the SQL structures and DB access stuff in a protecte directory) is a bad idea because if a hacker can figure out what modules and versions you are using and such they should be able to look through them for security issues that can be used. I also do realize that in some cases it takes a lax in security settings to actually read any of the .php files but still, if ALL of the source is in the "trusted directory" it seems like it would better secure alot of things... Might mean a change to the way things are handled in XOOPS but isn't the security risk of having the source code available an issue?
Just trying to learn the thinking of how this all works..
Rodney
Attending College working towards Bachelors in Software Engineering and Network Security.
