No, that is not a good idea. It is potentially much worse to allow people to execute include files out of context than to merely let them see them. The correct way to handle this is to either put your include files outside the document_root, or add an Apache rule to block any direct access to .inc files.
-Rasmus On 1 Mar 2002, William Lovaton wrote: > If you use just and .inc file any user with a browser can hit in the > URL: http://www.site.com/connect.inc and see what is inside. > > So, de recomendation is: > > Use a .php extension: connect.inc.php > > > William > > > El jue, 28-02-2002 a las 14:16, Sam Masiello escribió: > > > > What you could do is have a script called connect.inc which has your > > pg_pconnect statement, then use the "include" directive to include your > > connect.inc on all of your subsequent PHP pages. This way you only have the > > username/password hard coded in one location so if the username/password > > were to change, you only have to change one script instead of changing many. > > > > HTH > > > > Sam Masiello > > Software Quality Assurance Engineer > > Synacor > > (716) 853-1362 X289 > > [EMAIL PROTECTED] > > > > _________________________________________________________ > Do You Yahoo!? > Get your free @yahoo.com address at http://mail.yahoo.com > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
