I have been thinking about what is is best way to store confidential information. Currently I am using a file called "config.cgi" that has key/value pairs for each line: such as "password=mysecretpassword\n". Since the file ends in CGI, the contents are not viewable through the webserver, but only accessible by the filesystem. Is this a good idea? Are there more secure solutions? I can't use a database such as MySQL, but are non-relational databases a better choice?
Thanks!!!
When you think security you should think encryption, don't assume you can hide a file from an intruder, you can't.
There are plenty of articles around, including one on this site, explaining how to use encryption.
general you could use .php as file extension (or whatever xtension on your server will be parsed). additionally you could place that file one level under your document_root (mostly one level under /htdocs/ )... maybe are better solutions in the manuals from tomhath
