This, boys and girls, is why you don't put a config file full of passwords into a web-accessible directory

OMG!! An actual POST. (more on that later) So I'm playing with StumbleUpon earlier and I hit the button and suddenly a strange page. Full of code. To my surprise it's actually their code ... more specifically it seems to be a configuration file for databases and network topology, and it includes the passwords. (And to answer everyone's question: I didn't use the information for evil, nor is the information available to anyone for evil or otherwise. As much as I wanted to keep it for posterity, I deleted it. No chance of someone using my computer and finding it, or my own temptations getting the better of me.) A combination of PHP, inexperienced developers, and the rise of cheap shared hosting has made this a widespread problem, not just for StumbleUpon. One thing I really like about Perl is the "use strict" pragma, which forces you to say "my included file is right here in this directory" ... otherwise it looks only in a specified path. PHP inc...