Topic: Better security on stored passwords.
Well there is a problem with having a config.php, that I know how to solve, but I guess I should tell everyone.
If you have a config.php with passwords for the sql database, the novice user may have an login to it that is accessible from the outside. (If you have, I suggesst you first fix this! )
If they have, and someone would like to make that persons life a bit miserably, they just need to crash php, and look at the config.php, where all info is in clear text.
One way one can solve this by having a directory that php can access, but not the browser. (I have mine one step below where the page is, as an example). And in the config.php file add:
and then move all the other stuff into that file instead. This way if someone crashes php, they still cannot get their hands on the mysql passwords, or other delicate info.
Another way is to have no read privilegies on files called .inc or something, and keep the file in the same directory, but instead of the include above, have this:
You can then store this file in the same directory as the punBB, but knowing that your password is safe.
You will need to add some stuff in your browser configurations to get this to work. I use Apache2 and thus writes:
<Files ~ "*.inc">
Deny from all
just below where they have the restrictions about .ht files. (easier to have everything in one place). And I use a couple of .inc files ...
Don't know if this really is an feature request, but perhaps one would have the option to place the info in a certain file, and move it to wherever one likes, and the config.php would just be a link to it?