I agree these are good solutions and I have considered them. However, I am looking for an all-inclusive solution that is code only within PHP that allows the admin of the application to copy the files to their server and not need to do any server specific configuration. That is why I don't name the included files with .inc. It would require configuration of the server to prevent downloading of those files and I don't want to require that step of people who choose to run the app on their server.
Thanks for the input! Jacob "Chris Shiflett" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > --- Jacob Copsey <[EMAIL PROTECTED]> wrote: > > My style of PHP is to name all included files with a .php > > extension and of course this raises the problem of people > > accessing these script files directly. > > I always name included files *.inc myself, but that's a > personal preference combined with a strong desire to adhere > to strict naming conventions. > > It is very easy to make sure people cannot access your > include files directly. There are two common ways to do > this, and I will mention my preference first. > > 1. Do not store your include files under document root. > This is a very simple and straightforward approach that > negates all of the types of questions you were asking. > > 2. Deny access to any file with an extension of inc. Of > course, you would have to conform to a naming standard a > bit more for this to work. A quick Google search revealed > this example for Apache: > > <Files ~ "\.inc$"> > Order Allow, Deny > Deny from all > </Files> > > Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
