on 1/16/02 6:04 PM, Rasmus Lerdorf at [EMAIL PROTECTED] wrote:

>> On Thu, 17 Jan 2002, [EMAIL PROTECTED] wrote:
>>
>> (1) avoid using .inc files; use .php files like for normal script
>
> No, it is safer to block access to .inc files with an httpd.conf rule.
> Allowing people to execute files that were meant to be included out of
> context could end up being much more dangerous than simply having people
> see the source.

here is that httpd.conf rule stolen from an earlier post by Rasmus

<Files ~ "\.inc$">
    Order allow,deny
    Deny from all
</Files>

with this rule, if someone requests a file ending in .inc, apache won't
deliver it. however, php will still be allowed to include those files
itself.

 -- mike cullerton   michaelc at cullerton dot com

--
PHP General Mailing List (http://www.php.net/)
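
Added example (not part of the original post or thread): a Python check that walks a document root and reports include-style files that the `\.inc$` rule quoted above does not deny. The function names, the `INCLUDE_HINT` heuristic and the sample file names are assumptions made for illustration; it also assumes a case-sensitive filesystem and that files ending in .php are handed to PHP.

```python
import os
import re

# Pattern from the <Files ~ "\.inc$"> rule in the post. Apache applies it to
# the file's base name, and the match is case-sensitive.
RULE = re.compile(r"\.inc$")

# Hypothetical heuristic (not from the post): ".inc" followed by a non-word
# character or end of name, in any case, marks a probable include file.
INCLUDE_HINT = re.compile(r"\.inc(?:\W|$)", re.IGNORECASE)


def classify(filename):
    """Return what happens when this file is requested directly."""
    if RULE.search(filename):
        return "blocked"    # denied by the rule, still includable by PHP
    if not INCLUDE_HINT.search(filename):
        return "other"      # not an include-style name, out of scope
    if filename.lower().endswith(".php"):
        return "executes"   # runs out of context, the risk Rasmus describes
    return "exposed"        # rule misses it, source is served as-is


def audit(docroot):
    """List (relative path, status) for include-style files the rule misses."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            status = classify(name)
            if status in ("exposed", "executes"):
                rel = os.path.relpath(os.path.join(dirpath, name), docroot)
                findings.append((rel, status))
    return sorted(findings)


if __name__ == "__main__":
    import tempfile

    # Constructed sample tree: editor backups and renamed copies sit
    # beside the include file the rule was written for.
    sample = ["db.inc", "db.inc.bak", "db.inc~", "DB.INC", "db.inc.php"]
    with tempfile.TemporaryDirectory() as root:
        for name in sample:
            open(os.path.join(root, name), "w").close()
        for rel, status in audit(root):
            print(f"{status:9} {rel}")
```
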