security php module error

Anon

I can't believe what happened with my web-site. For a unknown reason something happended and crashed the php module showing all the code of php scripts including passwords. I had to emergently lock all my scripts and called my ISP suport.
They said it was caused by php module. But in this case, where is my security?

Rod

[deleted]

The securty is in the way you setup your scripts.
If you have passwords hardcoded into your scripts, then you are the security hole, not php.

But, if the PHP module crashed, shouldn't apache complain about it and say it can't sere the page?

Anon

Although unusual this can happen... when your host doesn't know what it's doing.

First change hosts.

Second, NEVER, EVER keep username/password combinations in your main scripts.. include() them from a file that is below the document root. That way if, as happened to you, PHP scripts fail to parse for whatever reason and get displayed as plain text, the user will only see the called file for inclusion, and won't be able to call that file directly because it is below document root.

If your host had owned up to it's mistake I wouldn't tell you to leave, but their vague answer tells me they have one of two problems:

1) they don't know why it happened
2) they do know, but don't want to admit they made a mistake