Re: [PHP] Bad Practices

Wed, 14 Feb 2001 13:12:33 -0800 

I told Apache to deny all .inc requets, ala .htaccess-style stuff in
the httpd.conf

-Szii

----- Original Message -----
From: Sebastian Stadtlich <[EMAIL PROTECTED]>
To: 'Rick Hodger' <[EMAIL PROTECTED]>; 'Php-General (E-Mail)
<[EMAIL PROTECTED]>
Sent: Wednesday, February 14, 2001 4:45 AM
Subject: AW: [PHP] Bad Practices


> OR you could tell apache to parse everything that ends with .inc with php.
> you can name it .inc .linux .linuxsucks .microsoftsucks
>
> (you'll need to have access to http.conf or .htaccess+right to override
...)
>
> sebastian
>
> > -----Ursprüngliche Nachricht-----
> > Von: Rick Hodger [mailto:[EMAIL PROTECTED]]
> > Gesendet: Mittwoch, 14. Februar 2001 09:51
> > An: [EMAIL PROTECTED]
> > Betreff: Re: [PHP] Bad Practices
> >
> >
> >
> > "Jeff Oien" <[EMAIL PROTECTED]> wrote in message
> > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > Would people like to list bad practices and also point us
> > > newbies to any articles online dealing with syntax, correct
> > > use of single and double quotes etc.?
> >
> > People who create scripts that include a need for access to a
> > SQL database,
> > meaning you need to give it a username and password then
> > making the damn
> > configuration file be called something stupid like config.inc.
> >
> > When you are scripting, using anything with a .inc extension
> > is just asking
> > for trouble. If someone requests that file, it'll get passed
> > straight to
> > them. It's a .inc, which means that PHP does not know to
> > parse it. Which
> > means, that person can see your usernames and passwords. And
> > because it's a
> > public package, they're far more likely to know the path to said file.
> >
> > --
> > Rick Hodger
> >
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> > To contact the list administrators, e-mail:
> > [EMAIL PROTECTED]
> >
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to