So about to put my shopping cart live and make the necessary .htaccess changes, but I've noticed that in the configure.php file it stores the MySQL database name, username and password as straight unencoded text.
Now the config.php file is obviously crucial, but can the reference in index.php be redirected to the configure.php in the /admin directory? The functions all look to be the same.
Otherwise, any ideas for how to stop people just typing in the url/configure.php, checking the source and getting that MYSQL info? I realise in the scheme of things it is pretty low risk, and there is no *super* sensitive customer info in the database, but it's something I'd like to do if I can.
Any advice greatly appreciated. Thank you!
