madhabkirank / google-api-adwords-php

Automatically exported from code.google.com/p/google-api-adwords-php

Google API PHP Library security flaw #48

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
Hi,

I just saw that the php library available for download has the user credentials 
and the token string in the file:
src/Google/Api/Ads/AdWords/Auth.ini

Since *.ini files are text files and display the full text of a file in the 
browser I believe it is a major security flaw.

There are ways to fix this like .htaccess deny rules for .ini files or 
renaming the file to *.php and fixing the script after that, but most of the 
people who use the script do not do these kinds of modifications.

Doing a simple search in Google for the path of the .ini file will give you 
access to that person's email account.

Thanks.

Original issue reported on code.google.com by domin...@gmail.com on 30 Nov 2010 at 11:09

GoogleCodeExporter commented 8 years ago
The use of the auth.ini file is optional, and the information can be stored in 
a database or other location and then passed into the constructor of the 
AdWordsUser.

Original comment by api.ekol...@gmail.com on 7 Dec 2010 at 4:32
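
Added example, not part of the original thread or of the library's code: a Python audit that walks a web document root and reports `.ini` files holding non-empty credential values, which is the exposure the report describes. The key names in `SECRET_KEYS`, the function names and the sample tree are assumptions constructed for illustration.

```python
import configparser
import os
import tempfile

# Assumed names of credential-bearing settings; adjust to the files you deploy.
SECRET_KEYS = {"password", "developertoken", "applicationtoken", "authtoken"}


def find_exposed_ini(docroot):
    """Return sorted (relative_path, [secret keys with values]) for .ini files under docroot."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            if not name.lower().endswith(".ini"):
                continue
            path = os.path.join(dirpath, name)
            parser = configparser.ConfigParser(interpolation=None, strict=False)
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    # Prepend a dummy section so section-less files also parse.
                    parser.read_string("[_top]\n" + fh.read())
            except (OSError, configparser.Error):
                continue  # unreadable or not INI syntax: skip rather than guess
            # configparser lowercases option names, so compare in lowercase.
            hits = sorted({key for section in parser.sections()
                           for key, value in parser.items(section)
                           if key in SECRET_KEYS and value.strip().strip('"')})
            if hits:
                findings.append((os.path.relpath(path, docroot), hits))
    return sorted(findings)


def demo():
    """Constructed sample tree: one filled-in auth.ini, one file with an empty value."""
    with tempfile.TemporaryDirectory() as root:
        lib = os.path.join(root, "src", "Google", "Api", "Ads", "AdWords")
        os.makedirs(lib)
        with open(os.path.join(lib, "auth.ini"), "w") as fh:
            fh.write('email = "user@example.com"\npassword = "CONSTRUCTED-PASSWORD"\n'
                     'developerToken = "CONSTRUCTED-TOKEN"\n')
        with open(os.path.join(root, "settings.ini"), "w") as fh:
            fh.write('[LOGGING]\npassword = ""\n')
        return find_exposed_ini(root)


if __name__ == "__main__":
    for rel_path, keys in demo():
        print(f"{rel_path}: values set for {', '.join(keys)}")
```

Any file this reports inside the document root should be moved outside it, or blocked by the web server, before credentials are written to it.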