Hi,
I have a question/concern about data security using bizhat.com.
Usually using php website (like phpBB2 forum), it is a safe practice to put the username/password information in a folder which is accessible just for the php not the web!
For example: if phpBB2 save the username/password data in an "index" folder, it is safer to put the folder the way that the Internet users cannot point it directly. Imagine this; the Linux web space provides WWW folder and what is located under it to the web server, so put the username/password folder not under WWW folder. Then in the phpBB2 config file point to the right username/password folder. (Let's say ../../index/ if phpBB2 is located at /WWW/phpBB/ and the index folder is located at /index/)
The problem is here! Bizhat.com does not provide such a space that the user can upload the username/password files there and is not accessible by Web server. After FTP login, the root folder <...>.bizhat.com is the root of web space and user cannot put the data on the top of that! It raises a security issue as long as hackers can point to that folder and download the username/password files.
Please advice.
Regards,
Kiavash
Bookmarks