On Monday 30 July 2001 20:14, [EMAIL PROTECTED] wrote:
> It's also possible (if you're allowed to change the httpd.conf file) to put
> in a <filesmatch> directive, something like
> <FilesMatch "\.(htaccess|inc|log)$">
> Order deny,allow
> Deny from all
> </FilesMatch>
This is also by far the safest technique (other than moving the included
files outside your webroot), as it means there is no chance of an included
file being parsed without it's normal surrounding code which may provide a
security hole in your system.
Do it this way!!!!
--
Phil Driscoll
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
