I am seriously impressed with Phptest and am
preparing to use it next month. Thanks for this!
However, I am just wondering about the security
side of things. I have read the suggestion somewhere in these pages to keep the
priveleges of the MySql user's name down to 'select, insert, update and delete'
but what about the Phptest 'include' directory and files, which currently reside
by default in the public_html area. The config file in particular contains the
MySql password etc. Although not directly viewable (??) is this a real security
risk, in these days, or am I just paranoid? I assume I could move these files
outside the public directory tree, if I found out where they were called from,
and made suitable adjustments? Would this be worthwhile or is the current set-up
pretty robust?
Thanks,
Martin Snell
|