Guest fozz Posted August 4, 2006 Share Posted August 4, 2006 I was wondering if putting the Paypal API certificate in the /pear/ folder is secure? On Paypal's website is says this: Developers: Do not share your credential or use it in a manner in which others can access it. Consider storing the credential as a properties file in a secure location other than your web server document root and setting the file permissions so that only the system user executing your ecommerce application can access it. Actually, I just tested it and I can go straight to this files and downlaod it from my browser! Is this something that should be looked into? Can this certificate be integrated into the database or is there another way to make is secure? Or does this file even need protecting? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.