amallah wrote:So, if you run a web hosting service, pretty much security is down the drain? Are we saying that PHP is not meant for professional hosting then? If I have a database of user credit card numbers, then it's pretty much a free for all if you can get any type of access to the box?
It all depends on how the server has thier configuration. Most systems it is secure enough to make it difficult for people to get into and have resrictions from people accessing scripts cross domain. What I would do for your config.inc.php is make a dir behind the public_html. The only thing is no system is hacker proof. Credit Cards should NEVER be stored on a shared server. no exceptions.